isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sudo_passwd_cleanup: Set auth->data to NULL after freeing.

Browse Source 
GitHub issue #201
This commit is contained in:
Todd C. Miller
2022-11-17 08:10:35 -07:00
parent 0044893961
commit b3834bbf24
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
plugins/sudoers/auth/passwd.c
View File

@@ -117,11 +117,14 @@ sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct
int int
sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force) sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
{ {
char *pw_epasswd = auth->data;
debug_decl(sudo_passwd_cleanup, SUDOERS_DEBUG_AUTH); debug_decl(sudo_passwd_cleanup, SUDOERS_DEBUG_AUTH);
if (pw_epasswd != NULL) if (auth->data != NULL) {
freezero(pw_epasswd, strlen(pw_epasswd)); /* Zero out encrypted password before freeing. */
size_t len = strlen((char *)auth->data);
freezero(auth->data, len);
auth->data = NULL;
}
debug_return_int(AUTH_SUCCESS); debug_return_int(AUTH_SUCCESS);
} }