shadow/backport-src-gpasswd-Clear-password-in-more-cases.patch

From 6b4bbbeecd676c9423f82658bb3a8f6990218e8d Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 19 Jan 2025 21:27:50 +0100
Subject: [PATCH] src/gpasswd: Clear password in more cases

If encryption of password fails, clear the memory before exiting.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 src/gpasswd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/gpasswd.c b/src/gpasswd.c
index 560b0ea7..e9e111a9 100644
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -864,13 +864,13 @@ static void change_passwd (struct group *gr)
 
 	salt = crypt_make_salt (NULL, NULL);
 	cp = pw_encrypt (pass, salt);
+	memzero (pass, sizeof pass);
 	if (NULL == cp) {
 		fprintf (stderr,
 		         _("%s: failed to crypt password with salt '%s': %s\n"),
 		         Prog, salt, strerror (errno));
 		exit (1);
 	}
-	memzero (pass, sizeof pass);
 #ifdef SHADOWGRP
 	if (is_shadowgrp) {
 		gr->gr_passwd = SHADOW_PASSWD_STRING;
-- 
2.33.0