The user's password was not zeroed after use when AIX authentication,
BSD authentication, FWTK or PAM was in use.
@@ -72,10 +72,13 @@ aixauth_verify(pw, prompt, auth)
|
|||||||
{
|
{
|
||||||
char *message, *pass;
|
char *message, *pass;
|
||||||
int reenter = 1;
|
int reenter = 1;
|
||||||
|
int rval = AUTH_FAILURE;
|
||||||
|
|
||||||
pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
|
pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
|
||||||
if (pass && authenticate(pw->pw_name, pass, &reenter, &message) == 0)
|
if (pass) {
|
||||||
return(AUTH_SUCCESS);
|
if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
|
||||||
else
|
rval = AUTH_SUCCESS;
|
||||||
return(AUTH_FAILURE);
|
memset(pass, 0, strlen(pass));
|
||||||
|
}
|
||||||
|
return(rval);
|
||||||
}
|
}
|
||||||
|
@@ -113,7 +113,7 @@ bsdauth_verify(pw, prompt, auth)
|
|||||||
{
|
{
|
||||||
char *s, *pass;
|
char *s, *pass;
|
||||||
size_t len;
|
size_t len;
|
||||||
int authok;
|
int authok = 0;
|
||||||
sig_t childkiller;
|
sig_t childkiller;
|
||||||
auth_session_t *as = (auth_session_t *) auth->data;
|
auth_session_t *as = (auth_session_t *) auth->data;
|
||||||
extern int nil_pw;
|
extern int nil_pw;
|
||||||
@@ -154,7 +154,10 @@ bsdauth_verify(pw, prompt, auth)
|
|||||||
if (!pass || *pass == '\0') /* ^C or empty password */
|
if (!pass || *pass == '\0') /* ^C or empty password */
|
||||||
nil_pw = 1;
|
nil_pw = 1;
|
||||||
|
|
||||||
authok = pass ? auth_userresponse(as, pass, 1) : 0;
|
if (pass) {
|
||||||
|
authok = auth_userresponse(as, pass, 1);
|
||||||
|
memset(pass, 0, strlen(pass));
|
||||||
|
}
|
||||||
|
|
||||||
/* restore old signal handler */
|
/* restore old signal handler */
|
||||||
(void)signal(SIGCHLD, childkiller);
|
(void)signal(SIGCHLD, childkiller);
|
||||||
|
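--- a/auth/fwtk.c
+++ b/auth/fwtk.c
@@ -111,6 +111,7 @@ fwtk_verify(pw, prompt, auth)
 char *pass; /* Password from the user */
 char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */
 char resp[128]; /* Response from the server */
+int error;
 extern int nil_pw;
 
 /* Send username to authentication server. */
@@ -147,16 +148,23 @@ fwtk_verify(pw, prompt, auth)
 if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
 (void) fprintf(stderr,
 "%s: lost connection to authentication server.\n", Argv[0]);
-return(AUTH_FATAL);
+error = AUTH_FATAL;
+goto done;
 }
 
-if (strncmp(resp, "ok", 2) == 0)
-return(AUTH_SUCCESS);
+if (strncmp(resp, "ok", 2) == 0) {
+error = AUTH_SUCCESS;
+goto done;
+}
 
 /* Main loop prints "Permission Denied" or insult. */
 if (strcmp(resp, "Permission Denied.") != 0)
 fprintf(stderr, "%s: %s\n", Argv[0], resp);
-return(AUTH_FAILURE);
+error = AUTH_FAILURE;
+done:
+memset(pass, 0, strlen(pass));
+memset(buf, 0, strlen(buf));
+return(error);
 }
 
 int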
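Review bot: `memset(buf, 0, strlen(buf));` at the new `done:` label clears only up to the first NUL, but `buf` is a fixed local array (`char buf[SUDO_PASS_MAX + 12]` in the first hunk) that is reused for several messages, so trailing bytes of an earlier, longer message that carried the password can survive a shorter later one; `memset(buf, 0, sizeof(buf));` clears the whole array. Because `buf` is a local whose lifetime ends at the `return(error);` that follows, an optimizing compiler may also treat that memset as a dead store and drop it, so a platform explicit-zeroing helper, where one is available, is the more dependable choice. `strlen(pass)` assumes `pass` is non-NULL at `done:`; the checks that would guarantee this are above the hunk and not visible here, so that is worth confirming. fwtk_verify starts outside the hunk.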
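--- a/auth/pam.c
+++ b/auth/pam.c
@@ -203,6 +203,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
 struct pam_response *pr;
 PAM_CONST struct pam_message *pm;
 const char *p = def_prompt;
+char *pass;
 extern int nil_pw;
 
 if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
@@ -219,12 +220,13 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
 && (pm->msg[9] != ' ' || pm->msg[10] != '\0')))
 p = pm->msg;
 /* Read the password. */
-pr->resp = estrdup((char *) tgetpass(p,
-def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags));
-if (pr->resp == NULL)
-pr->resp = "";
+pass = tgetpass(p, def_ival(I_PASSWD_TIMEOUT) * 60,
+tgetpass_flags));
+pr->resp = pass ? estrdup(pass) : "";
 if (*pr->resp == '\0')
 nil_pw = 1; /* empty password */
+else
+memset(pass, 0, strlen(pass));
 break;
 case PAM_TEXT_INFO:
 if (pm->msg)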
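Review bot: The new continuation line `tgetpass_flags));` closes one parenthesis more than `pass = tgetpass(p, ...` opened, so unless this is a rendering artifact the statement will not compile; it should read `tgetpass_flags);`. The NULL branch of `pr->resp = pass ? estrdup(pass) : "";` still hands PAM a string literal that the library will later free(), which the new form could avoid with `pr->resp = estrdup(pass ? pass : "");`. The estrdup'd copy is the one PAM receives and frees, so sudo cannot zero it here, and whether a PAM implementation overwrites response buffers before freeing them varies, which deserves a comment such as `/* PAM owns and frees pr->resp; only our tgetpass buffer can be cleared here. */`. sudo_conv continues outside the hunk.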