move memset() of plaintext pw outside of verify loop and only do the

author Todd C. Miller <Todd.Miller@courtesan.com>

Fri, 27 Aug 1999 20:09:15 +0000 (20:09 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Fri, 27 Aug 1999 20:09:15 +0000 (20:09 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Fri, 27 Aug 1999 20:09:15 +0000 (20:09 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Fri, 27 Aug 1999 20:09:15 +0000 (20:09 +0000)
diff --git a/auth/sudo_auth.c b/auth/sudo_auth.c

index 2e9e562f0abc76b5ecb15cb354176d3fefee328d..6dc5785067daee786e866b1114d96ba97abb1981 100644 (file)
--- a/auth/sudo_auth.c
+++ b/auth/sudo_auth.c
@@ -144,7 +144,7 @@ verify_user()
  
         /* Get the password unless the auth function will do it for us */
         nil_pw = 0;
-#if defined(AUTH_STANDALONE)
+#ifdef AUTH_STANDALONE
         p = user_prompt;
  #else
         p = (char *) tgetpass(user_prompt, PASSWORD_TIMEOUT * 60, 1);
@@ -161,7 +161,6 @@ verify_user()
                 set_perms(PERM_USER, 0);
  
             success = auth->status = (auth->verify)(sudo_user.pw, p, auth);
-           (void) memset(p, 0, strlen(p));
  
             if (NEEDS_USER(auth))
                 set_perms(PERM_ROOT, 0);
@@ -169,6 +168,9 @@ verify_user()
             if (auth->status != AUTH_FAILURE)
                 goto cleanup;
         }
+#ifndef AUTH_STANDALONE
+       (void) memset(p, 0, strlen(p));
+#endif
  
         /* Exit loop on nil password, but give it a chance to match first. */
         if (nil_pw) {
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Fri, 27 Aug 1999 20:09:15 +0000 (20:09 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Fri, 27 Aug 1999 20:09:15 +0000 (20:09 +0000)