46 lines
1.5 KiB
Diff
46 lines
1.5 KiB
Diff
|
From ee20d385ef319f8523f1debc49f375c8eff257a6 Mon Sep 17 00:00:00 2001
|
||
|
|
From: "Andrew G. Morgan" <morgan@kernel.org>
|
||
|
|
Date: Fri, 22 Dec 2023 06:37:02 -0800
|
||
|
|
Subject: Stop using _pam_overwrite() in pam_cap.c.
|
||
|
|
|
||
|
|
It looks like the Linux-PAM folk have deprecated this macro. Compiler optimization
|
||
|
|
is hard to account for: apparently this explicit deletion is no longer
|
||
|
|
guaranteed to work. This function was marked deprecated in v1.5.3 of Linux-PAM.
|
||
|
|
|
||
|
|
I've replaced its use with memset(). I'm not convinced that that will be honored
|
||
|
|
either, but remain hopeful and prefer to leave the code explicit in its intent
|
||
|
|
without a deprecation warning messing up the build log. Should some compiler
|
||
|
|
optimize it away and it leads to an exploit of some sort, it can be revealed as
|
||
|
|
a compilation bug.
|
||
|
|
|
||
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
||
|
|
---
|
||
|
|
pam_cap/pam_cap.c | 4 ++--
|
||
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
|
||
|
|
index b9419cb..3fe3b8c 100644
|
||
|
|
--- a/pam_cap/pam_cap.c
|
||
|
|
+++ b/pam_cap/pam_cap.c
|
||
|
|
@@ -199,7 +199,7 @@ defer:
|
||
|
|
int i;
|
||
|
|
for (i = 0; i < groups_n; i++) {
|
||
|
|
char *g = groups[i];
|
||
|
|
- _pam_overwrite(g);
|
||
|
|
+ memset(g, 0, strlen(g));
|
||
|
|
_pam_drop(g);
|
||
|
|
}
|
||
|
|
if (groups != NULL) {
|
||
|
|
@@ -440,7 +440,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
||
|
|
small race associated with a redundant read of the
|
||
|
|
config. */
|
||
|
|
|
||
|
|
- _pam_overwrite(conf_caps);
|
||
|
|
+ memset(conf_caps, 0, strlen(conf_caps));
|
||
|
|
_pam_drop(conf_caps);
|
||
|
|
|
||
|
|
return PAM_SUCCESS;
|
||
|
|
--
|
||
|
|
cgit 1.2.3-korg
|
||
|
|
|