From 1a189b090270cf930b62ca005ad7e287e12fe04c Mon Sep 17 00:00:00 2001
From: Christian Göttsche <cgzones@googlemail.com>
Date: Wed, 17 Jan 2024 15:32:21 +0100
Subject: pam_unix: cleanse crypt data

Cleanse the crypt data also in the failure branch to sanitize in case of
partial data being written.
---
 modules/pam_unix/bigcrypt.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules/pam_unix')

diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index 1b32c3f2..296e01f7 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -109,6 +109,7 @@ char *bigcrypt(const char *key, const char *salt)
 		pam_overwrite_array(keybuf);
 		free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
+		pam_overwrite_object(cdata);
 		free(cdata);
 #endif
 		return NULL;
-- 
cgit v1.2.3