Paranoia; zero out pw_passwd before freeing passwd entry.

diff --git a/CHANGES b/CHANGES
index 6e60923d9b0590959556f6f1645ceba9bba5e449..c91e87287cd3127048129977993ee6f4ba7f0ecb 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1767,3 +1767,5 @@ Sudo 1.6.8p2 released.
      users' privs.
 
 559) The "secure_path" run-time Defaults option has been restored.
+
+560) Password data is now cached for fast lookup.

diff --git a/getspwuid.c b/getspwuid.c
index b6e1d01f01e8f22389f41e2ba9883090ebd3bb3f..4ffcba93b212aa84fd49c33eb947d61b3dbfe87b 100644 (file)
--- a/getspwuid.c
+++ b/getspwuid.c
@@ -83,8 +83,9 @@ int crypt_type = INT_MAX;
 static struct rbtree *cache_byuid;
 static struct rbtree *cache_byname;
 
-static int cmp_byuid   __P((const VOID *, const VOID *));
-static int cmp_byname  __P((const VOID *, const VOID *));
+static int  cmp_byuid  __P((const VOID *, const VOID *));
+static int  cmp_byname __P((const VOID *, const VOID *));
+static void pw_free    __P((VOID *));
 
 /*
  * Compare by uid.
@@ -416,8 +417,18 @@ sudo_endpwent()
 #ifdef HAVE_GETAUTHUID
     endauthent();
 #endif
-    rbdestroy(cache_byuid, (void (*)__P((VOID *))) free);
+    rbdestroy(cache_byuid, pw_free);
     cache_byuid = NULL;
     rbdestroy(cache_byname, NULL);
     cache_byname = NULL;
 }
+
+static void
+pw_free(v)
+    VOID *v;
+{
+    struct passwd *pw = (struct passwd *) v;
+
+    zero_bytes(pw->pw_passwd, strlen(pw->pw_passwd));
+    free(pw);
+}