Relevant BUGIDs: 419803

Purpose of commit: bugfix

Commit summary:
---------------
Fix pam_unix to not zero out password strings that it doesn't own!

diff --git a/CHANGELOG b/CHANGELOG
index fff2da83697b958aa70329c241673153affc731e..fab1986379d275854c14f014c11402d9aa90111b 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -49,6 +49,8 @@ bug report - outstanding bugs are listed here:
 0.76: please submit patches for this section with actual code/doc
       patches!
 
+* don't zero out password strings during pam_unix's password changing
+  function (Bug 419803 - vorlon)
 * propagate some definitions to the _pam_aconf.h file - from David Lee
   (Bug 415419 - agmorgan)
 * solaris GCC OS_CFLAGS change from David Lee (Bug 415412 - agmorgan)

diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 3fe8a27a6997dd72f61fb4e1bc5454f34c3accbb..c85305e424fce57f73c64cf4a2c866642b3ea997 100644 (file)
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -891,8 +891,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
                if (retval != PAM_SUCCESS) {
                        _log_err(LOG_NOTICE, pamh,
                                 "new password not acceptable");
-                       _pam_overwrite(pass_new);
-                       _pam_overwrite(pass_old);
                        pass_new = pass_old = NULL;     /* tidy up */
 #ifdef USE_LCKPWDF
                        ulckpwdf();
@@ -935,8 +933,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
                                if (temp == NULL) {
                                        _log_err(LOG_CRIT, pamh,
                                                 "out of memory for password");
-                                       _pam_overwrite(pass_new);
-                                       _pam_overwrite(pass_old);
                                        pass_new = pass_old = NULL;     /* tidy up */
 #ifdef USE_LCKPWDF
                                        ulckpwdf();
@@ -970,8 +966,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 
                retval = _do_setpass(pamh, user, pass_old, tpass, ctrl,
                                     remember);
-               _pam_overwrite(pass_new);
-               _pam_overwrite(pass_old);
                _pam_delete(tpass);
                pass_old = pass_new = NULL;
        } else {                /* something has broken with the module */