auth_getpass() returns a dynamically allocated copy of the plaintext

password which needs to be freed after checking (and clearing) it.
Todd C. Miller
2016-01-27 15:36:50 -07:00
parent 91bce65e29
commit ab11cdde2c
7 changed files with 26 additions and 8 deletions


@@ -92,6 +92,7 @@ sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth,
/* Check password and zero out plaintext copy. */
rc = sia_ses_authent(NULL, pass, siah);
memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));
free(pass);
if (rc == SIASUCCESS)
debug_return_int(AUTH_SUCCESS);
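Review bot: The `memset_s()` call just ahead of the new `free(pass)` still passes `SUDO_CONV_REPL_MAX` as the buffer bound, although per the commit message `pass` is now a heap-allocated copy whose size is not visible here. If `strlen(pass)` could ever exceed that constant, `memset_s()` treats it as a constraint violation and clears only the first `SUDO_CONV_REPL_MAX` bytes, so the tail of the plaintext would reach `free()` uncleared. Bounding the wipe by the real length avoids depending on the constant: `size_t len = strlen(pass);` followed by `memset_s(pass, len, 0, len);`. The start of sudo_sia_verify() is outside the hunk, so whether `auth_getpass()` caps the reply length, and whether `pass` is checked for NULL before this point, cannot be confirmed from here.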