From f5cae905ca1a9f686f80aea45a34cea50fec0534 Mon Sep 17 00:00:00 2001
From: modric
Date: Thu, 17 Nov 2022 16:08:59 +0800
Subject: [PATCH] Fix memory leak of pass in converse().
---
 plugins/sudoers/auth/pam.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index 693cef3d4..92cd2dd72 100644
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -723,7 +723,8 @@ converse(int num_msg, PAM_CONST struct pam_message **msg,
 if (strlen(pass) >= PAM_MAX_RESP_SIZE) {
 sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
 "password longer than %d", PAM_MAX_RESP_SIZE);
- explicit_bzero(pass, strlen(pass));
+ freezero(pass, strlen(pass));
+ pass = NULL;
 goto bad;
 }
 reply[n].resp = pass; /* auth_getpass() malloc's a copy */
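Review bot: The oversize-password branch now frees `pass` itself, but nothing at the `freezero()` call says why this path owns the buffer while the normal path hands it to `reply[n].resp` on the line after the block. A short comment above the call, such as `/* pass is not stored in reply[] yet, so the cleanup at bad: will not wipe or free it */`, would help keep a later refactor from reintroducing the leak or adding a double free. The `bad:` label and the rest of converse() are outside the hunk, so it cannot be confirmed here whether `pass = NULL` is ever read afterwards or whether other exits between auth_getpass() and the assignment leave a password copy unwiped. `freezero()` is not provided by every libc, so this presumably relies on a project fallback; confirm that fallback wipes with a non-elidable clear, as the removed `explicit_bzero()` did.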