mirror of https://github.com/sudo-project/sudo.git synced 2025-09-01 23:05:17 +00:00

auth_getpass() returns a dynamically allocated copy of the plaintext

password which needs to be freed after checking (and clearing) it.
Todd C. Miller
2016-01-27 15:36:50 -07:00
parent 91bce65e29
commit ab11cdde2c
7 changed files with 26 additions and 8 deletions


@@ -443,14 +443,10 @@ converse(int num_msg, PAM_CONST struct pam_message **msg,
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"password longer than %d", PAM_MAX_RESP_SIZE);
ret = PAM_CONV_ERR;
memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));
goto done;
}
if ((pr->resp = strdup(pass)) == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
ret = PAM_BUF_ERR;
goto done;
}
memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));
pr->resp = pass; /* auth_getpass() malloc's a copy */
break;
case PAM_TEXT_INFO:
if (pm->msg)
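Review bot: The "password longer than" branch clears `pass` with memset_s() and jumps to `done` without freeing it, although the commit description says auth_getpass() now returns a dynamically allocated copy that must be freed after clearing. `pr->resp` is only set to `pass` on the success path, so a cleanup that walks the response array would not reach this buffer. Unless the `done:` code releases `pass` itself, add `free(pass);` directly after the memset_s() call in that branch. The `done:` label and the rest of converse() are outside this hunk, so confirm there that every error exit also zeroes and frees any `pr->resp` already handed over.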