From bcba17939e1b1a568cd4a764534cde74d37078cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 30 Jan 2023 17:56:58 +0100 Subject: modules: make use of secure memory erasure Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive. Non trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase responce on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes --- modules/pam_access/pam_access.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'modules/pam_access') diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index f7b47227..f70b7e49 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -663,7 +663,7 @@ static int group_match (pam_handle_t *pamh, const char *tok, const char* usr, int debug) { - char grptok[BUFSIZ]; + char grptok[BUFSIZ] = {}; if (debug) pam_syslog (pamh, LOG_DEBUG, @@ -673,7 +673,6 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr, return NO; /* token is received under the format '(...)' */ - memset(grptok, 0, BUFSIZ); strncpy(grptok, tok + 1, strlen(tok) - 2); if (pam_modutil_user_in_group_nam_nam(pamh, usr, grptok)) -- cgit v1.2.1