isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

auth_getpass() returns a dynamically allocated copy of the plaintext

Browse Source 
password which needs to be freed after checking (and clearing) it.
This commit is contained in:
Todd C. Miller
2016-01-27 15:36:50 -07:00
parent 91bce65e29
commit ab11cdde2c
7 changed files with 26 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
plugins/sudoers/auth/aix_auth.c
View File

@@ -144,6 +144,7 @@ sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_co
message = NULL;
result = authenticate(pw->pw_name, pass, &reenter, &message);
memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));
free(pass);
prompt = message;
} while (reenter);