password which needs to be freed after checking (and clearing) it.
message = NULL;
result = authenticate(pw->pw_name, pass, &reenter, &message);
memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));
+ free(pass);
prompt = message;
} while (reenter);
log_warningx(0, N_("unable to allocate memory"));
debug_return_int(AUTH_FATAL);
}
+ free(pass);
pass = auth_getpass(s, def_passwd_timeout * 60,
SUDO_CONV_PROMPT_ECHO_ON, callback);
free(s);
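Review bot: The failure branch at the top of this hunk leaves through `debug_return_int(AUTH_FATAL)` before the added `free(pass)` is reached, so the buffer from the preceding prompt is not released on that path. Since the code goes on to re-prompt, that buffer is presumably an empty response and no secret is left behind, but a `free(pass);` ahead of the return would keep the new ownership rule uniform. The condition guarding the branch lies outside the hunk.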
if (pass) {
authok = auth_userresponse(as, pass, 1);
memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));
+ free(pass);
}
/* restore old signal handler */
(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
pass = auth_getpass(buf, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback);
if (pass && *pass == '\0') {
+ free(pass);
pass = auth_getpass("Response [echo on]: ",
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_ON, callback);
}
sudo_warnx("%s", resp);
error = AUTH_FAILURE;
done:
- memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass));
memset_s(buf, sizeof(buf), 0, sizeof(buf));
+ memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass));
+ free(pass);
debug_return_int(error);
}
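Review bot: The added `memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass))` under `done:` passes a fixed constant as the destination size, although `pass` is now a heap copy whose real size is not tied to that constant. memset_s treats a count larger than the stated size as a constraint violation and clears only the stated size, so a reply longer than the constant would leave its tail in memory before `free()`; whether that can happen depends on the conversation code, which is not shown. Taking the length once and using it for both arguments, e.g. `size_t len = strlen(pass); memset_s(pass, len, 0, len);`, removes the dependency and ends the mix of `SUDO_PASS_MAX` and `SUDO_CONV_REPL_MAX` across the other added calls (the PAM length-check branch and both securid5 hunks). `done:` also dereferences `pass` without the `!= NULL` guard the securid5 hunks use; the paths that reach the label are outside this hunk.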
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"password longer than %d", PAM_MAX_RESP_SIZE);
ret = PAM_CONV_ERR;
+ memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));
goto done;
}
- if ((pr->resp = strdup(pass)) == NULL) {
- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
- ret = PAM_BUF_ERR;
- goto done;
- }
- memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));
+ pr->resp = pass; /* auth_getpass() malloc's a copy */
break;
case PAM_TEXT_INFO:
if (pm->msg)
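Review bot: The oversized-password branch now wipes `pass` but jumps to `done` without freeing it, and since `pr->resp` has not been assigned on that path, nothing visible here takes ownership of the buffer. Every other site in this commit pairs the wipe with a release, so unless the code at `done:` (outside this hunk) frees `pass` itself, the allocation leaks each time the length check fails. Adding `free(pass);` directly after the added `memset_s` line would close it.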
/* Sometimes (when current token close to expire?)
ACE challenges for the next token displayed
(entered without the PIN) */
+ if (pass != NULL) {
+ memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass));
+ free(pass);
+ }
pass = auth_getpass("\
!!! ATTENTION !!!\n\
Wait for the token code to change, \n\
/* Free resources */
SD_Close(*sd);
+ if (pass != NULL) {
+ memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass));
+ free(pass);
+ }
+
/* Return stored state to calling process */
debug_return_int(rval);
}
/* Check password and zero out plaintext copy. */
rc = sia_ses_authent(NULL, pass, siah);
memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));
+ free(pass);
if (rc == SIASUCCESS)
debug_return_int(AUTH_SUCCESS);
if (success != AUTH_FAILURE)
break;
}
- if (!standalone)
+ if (!standalone) {
memset_s(p, SUDO_CONV_REPL_MAX, 0, strlen(p));
+ free(p);
+ }
if (success != AUTH_FAILURE)
goto done;
debug_return_int(status == AUTH_FATAL ? -1 : 1);
}
+/*
+ * Prompts the user for a password using the conversation function.
+ * Returns the plaintext password or NULL.
+ * The user is responsible for freeing the returned value.
+ */
char *
auth_getpass(const char *prompt, int timeout, int type,
struct sudo_conv_callback *callback)
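Review bot: The new header comment says "the user" must free the result, which in sudo reads as the person at the terminal; "caller" is the intended word. It also omits the second half of the contract that every call site in this commit follows, namely that the plaintext is wiped before it is released. Suggested last line: `* The caller must zero the returned buffer (e.g. with memset_s) and then free() it.` It would also help to state when NULL is returned; the function body is outside this hunk, so that detail is not visible here.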