The user's password was not zeroed after use when AIX authentication,

BSD authentication, FWTK or PAM was in use.
Todd C. Miller
2002-01-21 22:25:14 +00:00
parent 73979f1a24
commit 0ebe32423f
4 changed files with 30 additions and 14 deletions


@@ -72,10 +72,13 @@ aixauth_verify(pw, prompt, auth)
{
char *message, *pass;
int reenter = 1;
int rval = AUTH_FAILURE;
pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
if (pass && authenticate(pw->pw_name, pass, &reenter, &message) == 0)
return(AUTH_SUCCESS);
else
return(AUTH_FAILURE);
if (pass) {
if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
rval = AUTH_SUCCESS;
memset(pass, 0, strlen(pass));
}
return(rval);
}
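Review bot: The scrub at `memset(pass, 0, strlen(pass));` is a plain store to a buffer that this function never reads again, which is the pattern an optimizer may drop as a dead store; whether that can happen here depends on how tgetpass() owns the buffer, which is not visible in this hunk. Where the platform provides one, a non-elidable clear such as `explicit_bzero(pass, strlen(pass));` (or a loop writing through a `volatile char *`) keeps the zeroing in place at any optimization level. A short comment above it, e.g. `/* scrub cleartext password on both success and failure paths */`, would also record why the early returns were replaced by `rval`. The function's parameter declarations sit above the hunk, so only the body is reviewed here.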