From d5c01cfd6e47503fb597c5568f43cdf079a30719 Mon Sep 17 00:00:00 2001
From: Christian Göttsche <cgzones@googlemail.com>
Date: Thu, 4 Jan 2024 18:24:05 +0100
Subject: pam_unix: clean additional possible sensitive buffers

---
 modules/pam_unix/bigcrypt.c        | 3 +++
 modules/pam_unix/pam_unix_passwd.c | 3 ++-
 modules/pam_unix/passverify.c      | 3 ++-
 3 files changed, 7 insertions(+), 2 deletions(-)

(limited to 'modules/pam_unix')

diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index f7c35a47..be7cdb93 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -107,6 +107,7 @@ char *bigcrypt(const char *key, const char *salt)
 	tmp_ptr = crypt(plaintext_ptr, salt);	/* libc crypt() */
 #endif
 	if (tmp_ptr == NULL) {
+		pam_overwrite_array(keybuf);
 		free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
 		free(cdata);
@@ -136,6 +137,7 @@ char *bigcrypt(const char *key, const char *salt)
 			tmp_ptr = crypt(plaintext_ptr, salt_ptr);
 #endif
 			if (tmp_ptr == NULL) {
+				pam_overwrite_array(keybuf);
 				pam_overwrite_string(dec_c2_cryptbuf);
 				free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
@@ -156,6 +158,7 @@ char *bigcrypt(const char *key, const char *salt)
 	}
 	D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf));
 
+	pam_overwrite_array(keybuf);
 #ifdef HAVE_CRYPT_R
 	pam_overwrite_object(cdata);
 	free(cdata);
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 3a223949..b915ce66 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -350,7 +350,7 @@ static int check_old_password(const char *forwho, const char *newpass)
 	if (opwfile == NULL)
 		return PAM_ABORT;
 
-	while (getline(&buf, &n, opwfile) != -1) {
+	for (; getline(&buf, &n, opwfile) != -1; pam_overwrite_n(buf, n)) {
 		if (!strncmp(buf, forwho, len) && (buf[len] == ':' ||
 			buf[len] == ',')) {
 			char *sptr;
@@ -372,6 +372,7 @@ static int check_old_password(const char *forwho, const char *newpass)
 			break;
 		}
 	}
+	pam_overwrite_n(buf, n);
 	free(buf);
 	fclose(opwfile);
 
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 2c95bba2..426d4028 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -729,7 +729,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
 	goto done;
     }
 
-    while (getline(&buf, &bufsize, opwfile) != -1) {
+    for (; getline(&buf, &bufsize, opwfile) != -1; pam_overwrite_n(buf, bufsize)) {
 	if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) {
 	    char *ep, *sptr = NULL;
 	    long value;
@@ -779,6 +779,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
 	    break;
 	}
     }
+    pam_overwrite_n(buf, bufsize);
     free(buf);
     fclose(opwfile);
 
-- 
cgit v1.2.3