author | 2008-04-04 17:42:39 +0000 | |
---|---|---|
committer | 2008-04-04 17:42:39 +0000 | |
commit | 2b0e3e016bfa1137a35c1b66811ef11653108332 (patch) | |
tree | e83690d74dce7a024108d62f5261798b3342b6f3 /lib/libc/gen/authenticate.c | |
parent | tht is cool cos it generates interrupts when the link state change. (diff) | |
Zero out the password/response argument in the simplified BSD auth
interfaces. Otherwise, we end up with an extra copy in memory when
auth_call() forks that is not possible to clear.
Diffstat (limited to 'lib/libc/gen/authenticate.c')
-rw-r--r-- | lib/libc/gen/authenticate.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/libc/gen/authenticate.c b/lib/libc/gen/authenticate.c
index 1ef26b683b9..b9cd63a0928 100644
--- a/lib/libc/gen/authenticate.c
+++ b/lib/libc/gen/authenticate.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authenticate.c,v 1.16 2007/09/17 07:07:23 moritz Exp $ */
+/* $OpenBSD: authenticate.c,v 1.17 2008/04/04 17:42:39 millert Exp $ */
 /*-
 * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved.
@@ -348,6 +348,7 @@ auth_usercheck(char *name, char *style, char *type, char *password)
 auth_setitem(as, AUTHV_SERVICE, "response");
 auth_setdata(as, "", 1);
 auth_setdata(as, password, strlen(password) + 1);
+ memset(password, 0, strlen(password));
 } else
 as = NULL;
 as = auth_verify(as, style, name, lc->lc_class, (char *)NULL);
@@ -451,9 +452,10 @@ auth_userresponse(auth_session_t *as, char *response, int more)
 auth_setdata(as, challenge, strlen(challenge) + 1);
 else
 auth_setdata(as, "", 1);
- if (response)
+ if (response) {
 auth_setdata(as, response, strlen(response) + 1);
- else
+ memset(response, 0, strlen(response));
+ } else
 auth_setdata(as, "", 1);
 auth_call(as, path, style, "-s", "response", name, class, (char *)NULL); |
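Review bot: The added `memset(password, 0, strlen(password));` in auth_usercheck() and the matching `memset(response, 0, strlen(response));` in auth_userresponse() now write through the caller's pointer, and nothing in either hunk documents that the argument is destroyed. A caller that passes read-only storage, or reads the buffer again after the call, changes behaviour, so I would add a comment at both sites such as `/* Clear the caller's copy; the argument must be writable and is consumed. */` and repeat it wherever these interfaces are documented. A plain memset of a secret is also the form an optimizer may treat as a dead store once inlining lets it see the buffer is not read again; where the tree provides it, `explicit_bzero(password, strlen(password));` states the intent and is not elided. The copy handed to auth_setdata() presumably still lives in the session until it is cleaned up, which is outside these hunks. Both function bodies start and end outside the visible hunks.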