BSD authentication, FWTK or PAM was in use.
{
char *message, *pass;
int reenter = 1;
+ int rval = AUTH_FAILURE;
pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
- if (pass && authenticate(pw->pw_name, pass, &reenter, &message) == 0)
- return(AUTH_SUCCESS);
- else
- return(AUTH_FAILURE);
+ if (pass) {
+ if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
+ rval = AUTH_SUCCESS;
+ memset(pass, 0, strlen(pass));
+ }
+ return(rval);
}
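Review bot: The new `memset(pass, 0, strlen(pass));` carries no comment saying it is there to scrub the plaintext password, and the identical line is repeated in the BSD auth, FWTK and PAM hunks of this patch. A single small helper with a comment such as `/* Zero the plaintext password as soon as the backend has consumed it. */` would keep the four call sites consistent. A plain memset can be dropped by an optimizer that considers the store dead, so the helper should use `explicit_bzero()` or `memset_s()` where available, or write through a volatile pointer. Whether the store to `pass` is actually at risk depends on how tgetpass() holds its buffer, which is not visible here; the function header is also outside this hunk.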
{
char *s, *pass;
size_t len;
- int authok;
+ int authok = 0;
sig_t childkiller;
auth_session_t *as = (auth_session_t *) auth->data;
extern int nil_pw;
if (!pass || *pass == '\0') /* ^C or empty password */
nil_pw = 1;
- authok = pass ? auth_userresponse(as, pass, 1) : 0;
+ if (pass) {
+ authok = auth_userresponse(as, pass, 1);
+ memset(pass, 0, strlen(pass));
+ }
/* restore old signal handler */
(void)signal(SIGCHLD, childkiller);
char *pass; /* Password from the user */
char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */
char resp[128]; /* Response from the server */
+ int error;
extern int nil_pw;
/* Send username to authentication server. */
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
(void) fprintf(stderr,
"%s: lost connection to authentication server.\n", Argv[0]);
- return(AUTH_FATAL);
+ error = AUTH_FATAL;
+ goto done;
}
- if (strncmp(resp, "ok", 2) == 0)
- return(AUTH_SUCCESS);
+ if (strncmp(resp, "ok", 2) == 0) {
+ error = AUTH_SUCCESS;
+ goto done;
+ }
/* Main loop prints "Permission Denied" or insult. */
if (strcmp(resp, "Permission Denied.") != 0)
fprintf(stderr, "%s: %s\n", Argv[0], resp);
- return(AUTH_FAILURE);
+ error = AUTH_FAILURE;
+done:
+ memset(pass, 0, strlen(pass));
+ memset(buf, 0, strlen(buf));
+ return(error);
}
int
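Review bot: At the `done:` label, `memset(buf, 0, strlen(buf));` clears only up to the first NUL of a local array just before it goes out of scope. An optimizer is most likely to discard a store like that as dead, and any bytes past the terminator stay on the stack. Clearing the whole array with `memset(buf, 0, sizeof(buf));`, through a zeroing routine the compiler may not elide, would cover both problems. Separately, `pass` is passed to strlen() unconditionally at `done:`, but its assignment lies outside this hunk. It should be confirmed that every `goto done` is reached only after `pass` holds a non-NULL value, or the scrub should be guarded with `if (pass)`.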
struct pam_response *pr;
PAM_CONST struct pam_message *pm;
const char *p = def_prompt;
+ char *pass;
extern int nil_pw;
if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
&& (pm->msg[9] != ' ' || pm->msg[10] != '\0')))
p = pm->msg;
/* Read the password. */
- pr->resp = estrdup((char *) tgetpass(p,
- def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags));
- if (pr->resp == NULL)
- pr->resp = "";
+ pass = tgetpass(p, def_ival(I_PASSWD_TIMEOUT) * 60,
+ tgetpass_flags));
+ pr->resp = pass ? estrdup(pass) : "";
if (*pr->resp == '\0')
nil_pw = 1; /* empty password */
+ else
+ memset(pass, 0, strlen(pass));
break;
case PAM_TEXT_INFO:
if (pm->msg)
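Review bot: The added call `pass = tgetpass(p, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags));` has one closing parenthesis too many, so the file will not compile as written; the second line should end `tgetpass_flags);`. Only the tgetpass buffer is zeroed here, and the `estrdup()` copy stored in `pr->resp` still holds the password after that. A comment such as `/* pr->resp is handed to PAM; only our own copy in pass is cleared here */` would make that limit explicit. The `""` literal assigned to `pr->resp` when `pass` is NULL is carried over from the old code. If the PAM library frees responses, that would be a free of a non-heap pointer, so it is worth confirming. The conversation function begins and ends outside this hunk.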