isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

auth_getpass() returns a dynamically allocated copy of the plaintext

Browse Source 
password which needs to be freed after checking (and clearing) it.
This commit is contained in:
Todd C. Miller
2016-01-27 15:36:50 -07:00
parent 91bce65e29
commit ab11cdde2c
7 changed files with 26 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/sudoers/auth/fwtk.c
View File

@@ -93,6 +93,7 @@ restart:
(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
pass = auth_getpass(buf, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback);
if (pass && *pass == '\0') {
free(pass);
pass = auth_getpass("Response [echo on]: ",
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_ON, callback);
}
@@ -132,8 +133,9 @@ restart:
sudo_warnx("%s", resp);
error = AUTH_FAILURE;
done:
memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass));
memset_s(buf, sizeof(buf), 0, sizeof(buf));
memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass));
free(pass);
debug_return_int(error);
}