Store shadow password after making a local copy of struct passwd in

author Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 12 Mar 2005 04:42:30 +0000 (04:42 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 12 Mar 2005 04:42:30 +0000 (04:42 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 12 Mar 2005 04:42:30 +0000 (04:42 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 12 Mar 2005 04:42:30 +0000 (04:42 +0000)
diff --git a/pwutil.c b/pwutil.c

index e4f3895b18aa4abee39021cf05f97e06d4b776d4..7df9fbe8d28b6f5e66bae034d7a507c26c8c5b35 100644 (file)
--- a/pwutil.c
+++ b/pwutil.c
@@ -225,8 +225,8 @@ sudo_getpwuid(uid)
       * Cache passwd db entry if it exists or a negative response if not.
       */
      if ((pw = getpwuid(uid)) != NULL) {
-       pw->pw_passwd = sudo_getepw(pw);        /* get shadow password */
         pw = sudo_pwdup(pw);
+       pw->pw_passwd = sudo_getepw(pw);        /* get shadow password */
         if (rbinsert(pwcache_byname, (VOID *) pw) != NULL)
             errorx(1, "unable to cache user name, already exists");
         if (rbinsert(pwcache_byuid, (VOID *) pw) != NULL)
@@ -375,8 +375,10 @@ pw_free(v)
  {
      struct passwd *pw = (struct passwd *) v;
  
-    if (pw->pw_passwd != NULL)
+    if (pw->pw_passwd != NULL) {
         zero_bytes(pw->pw_passwd, strlen(pw->pw_passwd));
+       free(pw->pw_passwd);
+    }
      free(pw);
  }
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 12 Mar 2005 04:42:30 +0000 (04:42 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 12 Mar 2005 04:42:30 +0000 (04:42 +0000)