* lib/pwio.c, lib/shadowio.c, lib/groupio.c, lib/sgroupio.c: Fill

	the password fields with zeros before they are freed.

diff --git a/ChangeLog b/ChangeLog
index 335851d798874dc01bed40b1f4bfecb2aee4840a..13d8d562434fa6bff7b7b04a3cc695f2c8b3045e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2009-04-20  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * lib/pwio.c, lib/shadowio.c, lib/groupio.c, lib/sgroupio.c: Fill
+       the password fields with zeros before they are freed.
+
 2009-04-19  Changwoo Ryu  <cwryu@debian.org>
 
        * po/ko.po: Updated Korean translation.

diff --git a/lib/groupio.c b/lib/groupio.c
index 6ca720d8ba4f88630c93e9e859c78978425eba1c..cdca7c9a664fc5ba3503865fba1b9cd4f0b68766 100644 (file)
--- a/lib/groupio.c
+++ b/lib/groupio.c
@@ -3,7 +3,7 @@
  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
  * Copyright (c) 2001       , Michał Moskal
  * Copyright (c) 2005       , Tomasz Kłoczko
- * Copyright (c) 2007 - 2008, Nicolas François
+ * Copyright (c) 2007 - 2009, Nicolas François
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -60,6 +60,7 @@ static void group_free (void *ent)
        struct group *gr = ent;
 
        free (gr->gr_name);
+       memzero (gr->gr_passwd, strlen (gr->gr_passwd));
        free (gr->gr_passwd);
        while (*(gr->gr_mem)) {
                free (*(gr->gr_mem));

diff --git a/lib/pwio.c b/lib/pwio.c
index 63cdc51145701974ee24c5d395fa01926768f6ee..38eea9c2ee3f092bdcf0a6a2611edad39d784d1b 100644 (file)
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -3,7 +3,7 @@
  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
  * Copyright (c) 2001       , Michał Moskal
  * Copyright (c) 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2007 - 2008, Nicolas François
+ * Copyright (c) 2007 - 2009, Nicolas François
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,6 +54,7 @@ static void passwd_free (void *ent)
        struct passwd *pw = ent;
 
        free (pw->pw_name);
+       memzero (pw->pw_passwd, strlen (pw->pw_passwd));
        free (pw->pw_passwd);
        free (pw->pw_gecos);
        free (pw->pw_dir);

diff --git a/lib/sgroupio.c b/lib/sgroupio.c
index 1454bc55246912c7a4878dfcb705dae5b3cd9f59..bae2068f08dbbdfeb68db2a430e38d283a3680e1 100644 (file)
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -102,6 +102,7 @@ static void gshadow_free (void *ent)
        struct sgrp *sg = ent;
 
        free (sg->sg_name);
+       memzero (sg->sg_passwd, strlen (sg->sg_passwd));
        free (sg->sg_passwd);
        while (NULL != *(sg->sg_adm)) {
                free (*(sg->sg_adm));

diff --git a/lib/shadowio.c b/lib/shadowio.c
index 810a6d43ebe5e1a55b4301f0cc2b79823576c85b..9a8000c4199e1116185ca81b84795b3fb3c7b589 100644 (file)
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -3,7 +3,7 @@
  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
  * Copyright (c) 2001       , Michał Moskal
  * Copyright (c) 2005       , Tomasz Kłoczko
- * Copyright (c) 2007 - 2008, Nicolas François
+ * Copyright (c) 2007 - 2009, Nicolas François
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,6 +54,7 @@ static void shadow_free (void *ent)
        struct spwd *sp = ent;
 
        free (sp->sp_namp);
+       memzero (sp->sp_pwdp, strlen (sp->sp_pwdp));
        free (sp->sp_pwdp);
        free (sp);
 }