From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sat, 12 Mar 2005 04:42:30 +0000 (+0000)
Subject: Store shadow password after making a local copy of struct passwd in
X-Git-Tag: SUDO_1_7_0~676
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0ea568c7de321df4cb824676064171b677924703;p=sudo

Store shadow password after making a local copy of struct passwd in
case normal and shadow routines use the same internal buffer in libc.
---

diff --git a/pwutil.c b/pwutil.c
index e4f3895b1..7df9fbe8d 100644
--- a/pwutil.c
+++ b/pwutil.c
@@ -225,8 +225,8 @@ sudo_getpwuid(uid)
      * Cache passwd db entry if it exists or a negative response if not.
      */
     if ((pw = getpwuid(uid)) != NULL) {
-	pw->pw_passwd = sudo_getepw(pw);	/* get shadow password */
 	pw = sudo_pwdup(pw);
+	pw->pw_passwd = sudo_getepw(pw);	/* get shadow password */
 	if (rbinsert(pwcache_byname, (VOID *) pw) != NULL)
 	    errorx(1, "unable to cache user name, already exists");
 	if (rbinsert(pwcache_byuid, (VOID *) pw) != NULL)
@@ -375,8 +375,10 @@ pw_free(v)
 {
     struct passwd *pw = (struct passwd *) v;
 
-    if (pw->pw_passwd != NULL)
+    if (pw->pw_passwd != NULL) {
 	zero_bytes(pw->pw_passwd, strlen(pw->pw_passwd));
+	free(pw->pw_passwd);
+    }
     free(pw);
 }