36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From b3834bbf248f3376ada8fc44166cba38c8ad4bcf Mon Sep 17 00:00:00 2001
|
|
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
|
|
Date: Thu, 17 Nov 2022 08:10:35 -0700
|
|
Subject: [PATCH] sudo_passwd_cleanup: Set auth->data to NULL after freeing.
|
|
GitHub issue #201
|
|
|
|
---
|
|
plugins/sudoers/auth/passwd.c | 9 ++++++---
|
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c
|
|
index 89da96ff6..6967e4fff 100644
|
|
--- a/plugins/sudoers/auth/passwd.c
|
|
+++ b/plugins/sudoers/auth/passwd.c
|
|
@@ -117,11 +117,14 @@ sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct
|
|
int
|
|
sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
|
|
{
|
|
- char *pw_epasswd = auth->data;
|
|
debug_decl(sudo_passwd_cleanup, SUDOERS_DEBUG_AUTH);
|
|
|
|
- if (pw_epasswd != NULL)
|
|
- freezero(pw_epasswd, strlen(pw_epasswd));
|
|
+ if (auth->data != NULL) {
|
|
+ /* Zero out encrypted password before freeing. */
|
|
+ size_t len = strlen((char *)auth->data);
|
|
+ freezero(auth->data, len);
|
|
+ auth->data = NULL;
|
|
+ }
|
|
|
|
debug_return_int(AUTH_SUCCESS);
|
|
}
|
|
--
|
|
2.27.0
|
|
|