From 0e80c788850c4a699e4bfb3ab7b44e354b8fdfd7 Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Tue, 16 Jan 2024 15:12:58 +0100 Subject: modules: zero out crypt_r(3) data before usage The manual page of crypt_r(3) recommends to zero the entire data object. --- modules/pam_userdb/pam_userdb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'modules/pam_userdb') diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 0b5e5965..7e1407f4 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -287,11 +287,10 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, } else { #ifdef HAVE_CRYPT_R struct crypt_data *cdata = NULL; - cdata = malloc(sizeof(*cdata)); + cdata = calloc(1, sizeof(*cdata)); if (cdata == NULL) { pam_syslog(pamh, LOG_CRIT, "malloc failed: struct crypt_data"); } else { - cdata->initialized = 0; cryptpw = crypt_r(pass, pwhash, cdata); } #else -- cgit v1.2.3