From: Todd C. Miller Date: Mon, 21 Jan 2002 22:25:14 +0000 (+0000) Subject: The user's password was not zeroed after use when AIX authentication, X-Git-Tag: SUDO_1_6_6~24 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0ebe32423f52f98cd0d6b884fda9cfb5fb969631;p=sudo The user's password was not zeroed after use when AIX authentication, BSD authentication, FWTK or PAM was in use. --- diff --git a/auth/aix_auth.c b/auth/aix_auth.c index 9c63c3109..0fae343e3 100644 --- a/auth/aix_auth.c +++ b/auth/aix_auth.c @@ -72,10 +72,13 @@ aixauth_verify(pw, prompt, auth) { char *message, *pass; int reenter = 1; + int rval = AUTH_FAILURE; pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags); - if (pass && authenticate(pw->pw_name, pass, &reenter, &message) == 0) - return(AUTH_SUCCESS); - else - return(AUTH_FAILURE); + if (pass) { + if (authenticate(pw->pw_name, pass, &reenter, &message) == 0) + rval = AUTH_SUCCESS; + memset(pass, 0, strlen(pass)); + } + return(rval); } diff --git a/auth/bsdauth.c b/auth/bsdauth.c index b9c2c3391..232bb7ed7 100644 --- a/auth/bsdauth.c +++ b/auth/bsdauth.c @@ -113,7 +113,7 @@ bsdauth_verify(pw, prompt, auth) { char *s, *pass; size_t len; - int authok; + int authok = 0; sig_t childkiller; auth_session_t *as = (auth_session_t *) auth->data; extern int nil_pw; @@ -154,7 +154,10 @@ bsdauth_verify(pw, prompt, auth) if (!pass || *pass == '\0') /* ^C or empty password */ nil_pw = 1; - authok = pass ? auth_userresponse(as, pass, 1) : 0; + if (pass) { + authok = auth_userresponse(as, pass, 1); + memset(pass, 0, strlen(pass)); + } /* restore old signal handler */ (void)signal(SIGCHLD, childkiller); diff --git a/auth/fwtk.c b/auth/fwtk.c index 00efd3726..45031f750 100644 --- a/auth/fwtk.c +++ b/auth/fwtk.c @@ -111,6 +111,7 @@ fwtk_verify(pw, prompt, auth) char *pass; /* Password from the user */ char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */ char resp[128]; /* Response from the server */ + int error; extern int nil_pw; /* Send username to authentication server. */ @@ -147,16 +148,23 @@ fwtk_verify(pw, prompt, auth) if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { (void) fprintf(stderr, "%s: lost connection to authentication server.\n", Argv[0]); - return(AUTH_FATAL); + error = AUTH_FATAL; + goto done; } - if (strncmp(resp, "ok", 2) == 0) - return(AUTH_SUCCESS); + if (strncmp(resp, "ok", 2) == 0) { + error = AUTH_SUCCESS; + goto done; + } /* Main loop prints "Permission Denied" or insult. */ if (strcmp(resp, "Permission Denied.") != 0) fprintf(stderr, "%s: %s\n", Argv[0], resp); - return(AUTH_FAILURE); + error = AUTH_FAILURE; +done: + memset(pass, 0, strlen(pass)); + memset(buf, 0, strlen(buf)); + return(error); } int diff --git a/auth/pam.c b/auth/pam.c index 2960463c7..6ae85661a 100644 --- a/auth/pam.c +++ b/auth/pam.c @@ -203,6 +203,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr) struct pam_response *pr; PAM_CONST struct pam_message *pm; const char *p = def_prompt; + char *pass; extern int nil_pw; if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL) @@ -219,12 +220,13 @@ sudo_conv(num_msg, msg, response, appdata_ptr) && (pm->msg[9] != ' ' || pm->msg[10] != '\0'))) p = pm->msg; /* Read the password. */ - pr->resp = estrdup((char *) tgetpass(p, - def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags)); - if (pr->resp == NULL) - pr->resp = ""; + pass = tgetpass(p, def_ival(I_PASSWD_TIMEOUT) * 60, + tgetpass_flags)); + pr->resp = pass ? estrdup(pass) : ""; if (*pr->resp == '\0') nil_pw = 1; /* empty password */ + else + memset(pass, 0, strlen(pass)); break; case PAM_TEXT_INFO: if (pm->msg)