From 7143eaf024a740627da96c69d960051816c5b593 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Sat, 28 Apr 2001 16:06:19 +0000 Subject: [PATCH] Relevant BUGIDs: 419803 Purpose of commit: bugfix Commit summary: --------------- Fix pam_unix to not zero out password strings that it doesn't own! --- CHANGELOG | 2 ++ modules/pam_unix/pam_unix_passwd.c | 6 ------ 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index fff2da83..fab19863 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -49,6 +49,8 @@ bug report - outstanding bugs are listed here: 0.76: please submit patches for this section with actual code/doc patches! +* don't zero out password strings during pam_unix's password changing + function (Bug 419803 - vorlon) * propagate some definitions to the _pam_aconf.h file - from David Lee (Bug 415419 - agmorgan) * solaris GCC OS_CFLAGS change from David Lee (Bug 415412 - agmorgan) diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 3fe8a27a..c85305e4 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -891,8 +891,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (retval != PAM_SUCCESS) { _log_err(LOG_NOTICE, pamh, "new password not acceptable"); - _pam_overwrite(pass_new); - _pam_overwrite(pass_old); pass_new = pass_old = NULL; /* tidy up */ #ifdef USE_LCKPWDF ulckpwdf(); @@ -935,8 +933,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (temp == NULL) { _log_err(LOG_CRIT, pamh, "out of memory for password"); - _pam_overwrite(pass_new); - _pam_overwrite(pass_old); pass_new = pass_old = NULL; /* tidy up */ #ifdef USE_LCKPWDF ulckpwdf(); @@ -970,8 +966,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, retval = _do_setpass(pamh, user, pass_old, tpass, ctrl, remember); - _pam_overwrite(pass_new); - _pam_overwrite(pass_old); _pam_delete(tpass); pass_old = pass_new = NULL; } else { /* something has broken with the module */ -- 2.40.0