The user's password was not zeroed after use when AIX authentication,
BSD authentication, FWTK or PAM was in use.
@@ -72,10 +72,13 @@ aixauth_verify(pw, prompt, auth)
|
||||
{
|
||||
char *message, *pass;
|
||||
int reenter = 1;
|
||||
int rval = AUTH_FAILURE;
|
||||
|
||||
pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
|
||||
if (pass && authenticate(pw->pw_name, pass, &reenter, &message) == 0)
|
||||
return(AUTH_SUCCESS);
|
||||
else
|
||||
return(AUTH_FAILURE);
|
||||
if (pass) {
|
||||
if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
|
||||
rval = AUTH_SUCCESS;
|
||||
memset(pass, 0, strlen(pass));
|
||||
}
|
||||
return(rval);
|
||||
}
|
||||
|
@@ -113,7 +113,7 @@ bsdauth_verify(pw, prompt, auth)
|
||||
{
|
||||
char *s, *pass;
|
||||
size_t len;
|
||||
int authok;
|
||||
int authok = 0;
|
||||
sig_t childkiller;
|
||||
auth_session_t *as = (auth_session_t *) auth->data;
|
||||
extern int nil_pw;
|
||||
@@ -154,7 +154,10 @@ bsdauth_verify(pw, prompt, auth)
|
||||
if (!pass || *pass == '\0') /* ^C or empty password */
|
||||
nil_pw = 1;
|
||||
|
||||
authok = pass ? auth_userresponse(as, pass, 1) : 0;
|
||||
if (pass) {
|
||||
authok = auth_userresponse(as, pass, 1);
|
||||
memset(pass, 0, strlen(pass));
|
||||
}
|
||||
|
||||
/* restore old signal handler */
|
||||
(void)signal(SIGCHLD, childkiller);
|
||||
|
16
auth/fwtk.c
16
auth/fwtk.c
@@ -111,6 +111,7 @@ fwtk_verify(pw, prompt, auth)
|
||||
char *pass; /* Password from the user */
|
||||
char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */
|
||||
char resp[128]; /* Response from the server */
|
||||
int error;
|
||||
extern int nil_pw;
|
||||
|
||||
/* Send username to authentication server. */
|
||||
@@ -147,16 +148,23 @@ fwtk_verify(pw, prompt, auth)
|
||||
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
|
||||
(void) fprintf(stderr,
|
||||
"%s: lost connection to authentication server.\n", Argv[0]);
|
||||
return(AUTH_FATAL);
|
||||
error = AUTH_FATAL;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (strncmp(resp, "ok", 2) == 0)
|
||||
return(AUTH_SUCCESS);
|
||||
if (strncmp(resp, "ok", 2) == 0) {
|
||||
error = AUTH_SUCCESS;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Main loop prints "Permission Denied" or insult. */
|
||||
if (strcmp(resp, "Permission Denied.") != 0)
|
||||
fprintf(stderr, "%s: %s\n", Argv[0], resp);
|
||||
return(AUTH_FAILURE);
|
||||
error = AUTH_FAILURE;
|
||||
done:
|
||||
memset(pass, 0, strlen(pass));
|
||||
memset(buf, 0, strlen(buf));
|
||||
return(error);
|
||||
}
|
||||
|
||||
int
|
||||
|
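Review bot: At the new `done:` label, `memset(pass, 0, strlen(pass))` runs on every exit path, yet nothing in this hunk establishes that `pass` is non-NULL; the aix and bsdauth hunks in this same commit guard their wipe with `if (pass)`, and if the prompt earlier in fwtk_verify (outside this hunk) can return NULL on ^C the call here dereferences it, so the same guard belongs here: `if (pass) memset(pass, 0, strlen(pass));`. The wipe of `buf` uses `strlen(buf)`, but `buf` is a fixed `char buf[SUDO_PASS_MAX + 12]` that the added wipe implies carried the password through the `auth_send` exchanges, so `memset(buf, 0, sizeof(buf));` clears it regardless of what was last formatted into it. More generally, a plain `memset` of a buffer that is never read again is a store the compiler is entitled to drop, which applies equally to the wipes in the aix hunk, the bsdauth hunk and pam.c; a `volatile`-based clearing helper (or `explicit_bzero`/`memset_s` where the platform provides one) is the usual answer. fwtk_verify begins before this hunk.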
10
auth/pam.c
10
auth/pam.c
@@ -203,6 +203,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
|
||||
struct pam_response *pr;
|
||||
PAM_CONST struct pam_message *pm;
|
||||
const char *p = def_prompt;
|
||||
char *pass;
|
||||
extern int nil_pw;
|
||||
|
||||
if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
|
||||
@@ -219,12 +220,13 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
|
||||
&& (pm->msg[9] != ' ' || pm->msg[10] != '\0')))
|
||||
p = pm->msg;
|
||||
/* Read the password. */
|
||||
pr->resp = estrdup((char *) tgetpass(p,
|
||||
def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags));
|
||||
if (pr->resp == NULL)
|
||||
pr->resp = "";
|
||||
pass = tgetpass(p, def_ival(I_PASSWD_TIMEOUT) * 60,
|
||||
tgetpass_flags));
|
||||
pr->resp = pass ? estrdup(pass) : "";
|
||||
if (*pr->resp == '\0')
|
||||
nil_pw = 1; /* empty password */
|
||||
else
|
||||
memset(pass, 0, strlen(pass));
|
||||
break;
|
||||
case PAM_TEXT_INFO:
|
||||
if (pm->msg)
|
||||
|
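Review bot: The replacement `tgetpass` call on the new side ends with `tgetpass_flags));`, one `)` more than it opens now that the `estrdup(` wrapper is gone, so as rendered this hunk does not compile; the line should read `tgetpass_flags);`. The `estrdup(pass)` duplicate stored in `pr->resp` still holds the password in the clear after `pass` is wiped, and its lifetime is then up to whichever PAM code releases the response array, which this hunk cannot control; a comment on that line such as `/* pr->resp is PAM's to free; the copy is not cleared here */` would make that explicit for the next reader. The `""` fallback for a NULL `pass` is a string literal placed where the conversation result is presumably later freed; it predates this change but is carried forward by it. sudo_conv both begins and ends outside this hunk.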