Re: passwd(1) - use explicit_bzero(3)

2016-09-01 Thread Ted Unangst
Gleydson Soares wrote:
> After recent passwd(1) changes, we should use explicit_bzero(3) for
> clearing these sensitive strings.
> OK?

right, ok



passwd(1) - use explicit_bzero(3)

2016-08-31 Thread Gleydson Soares
After recent passwd(1) changes, we should use explicit_bzero(3) for
clearing these sensitive strings.
OK?

Index: local_passwd.c
===
RCS file: /cvs/src/usr.bin/passwd/local_passwd.c,v
retrieving revision 1.50
diff -u -p -r1.50 local_passwd.c
--- local_passwd.c  31 Aug 2016 12:41:19 -  1.50
+++ local_passwd.c  31 Aug 2016 14:17:40 -
@@ -174,8 +174,10 @@ getnewpasswd(struct passwd *pw, login_ca
}
if (crypt_checkpass(p, pw->pw_passwd) != 0) {
errno = EACCES;
+   explicit_bzero(oldpass, sizeof(oldpass));
pw_error(NULL, 1, 1);
}
+   explicit_bzero(oldpass, sizeof(oldpass));
}
}
 
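Review bot: the clear of oldpass is duplicated, once inside the crypt_checkpass() failure branch and once after it, and the first copy sits between `errno = EACCES;` and the `pw_error(NULL, 1, 1);` call that follows it. Consider storing the result of crypt_checkpass() in a local, calling explicit_bzero(oldpass, sizeof(oldpass)) once immediately afterwards, and only then testing the result, so a later edit cannot add an exit path that skips the clear and nothing runs between setting errno and reporting it.
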
@@ -204,6 +206,7 @@ getnewpasswd(struct passwd *pw, login_ca
if (p != NULL && strcmp(newpass, p) == 0)
break;
(void)printf("Mismatch; try again, EOF to quit.\n");
+   explicit_bzero(newpass, sizeof(newpass));
}
 
(void)signal(SIGINT, saveint);
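Review bot: only newpass is cleared on the mismatch path, while the retyped copy that p points to in `strcmp(newpass, p) == 0` is not cleared on either the mismatch path or the `break` path in the lines shown. If p refers to a buffer separate from newpass, that buffer still holds a copy of the password after the loop and should get the same explicit_bzero() treatment.
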
@@ -212,8 +215,10 @@ getnewpasswd(struct passwd *pw, login_ca
pref = login_getcapstr(lc, "localcipher", NULL, NULL);
if (crypt_newhash(newpass, pref, hash, sizeof(hash)) != 0) {
(void)printf("Couldn't generate hash.\n");
+   explicit_bzero(newpass, sizeof(newpass));
pw_error(NULL, 0, 0);
}
+   explicit_bzero(newpass, sizeof(newpass));
free(pref);
return hash;
 }
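
Review bot: both new calls use `sizeof(newpass)`, which clears the whole password only while newpass is an array declared in getnewpasswd(); its declaration is outside the context shown here. Please confirm that it is an array, since with a pointer only the size of the pointer would be cleared, and a short comment at the declaration saying that the explicit_bzero() calls depend on it being an array would protect against a later refactor.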