From owner-p4-projects@FreeBSD.ORG  Sun Jun  8 15:47:33 2003
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id D25F137B404; Sun,  8 Jun 2003 15:47:32 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7BD6E37B401
	for <perforce@freebsd.org>; Sun,  8 Jun 2003 15:47:32 -0700 (PDT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 22A8D43F75
	for <perforce@freebsd.org>; Sun,  8 Jun 2003 15:47:32 -0700 (PDT)
	(envelope-from des@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h58MlV0U007811
	for <perforce@freebsd.org>; Sun, 8 Jun 2003 15:47:31 -0700 (PDT)
	(envelope-from des@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h58MlVPJ007808
	for perforce@freebsd.org; Sun, 8 Jun 2003 15:47:31 -0700 (PDT)
Date: Sun, 8 Jun 2003 15:47:31 -0700 (PDT)
Message-Id: <200306082247.h58MlVPJ007808@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	des@freebsd.org using -f
From: Dag-Erling Smorgrav <des@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 32819 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Jun 2003 22:47:33 -0000

http://perforce.freebsd.org/chv.cgi?CH=32819

Change 32819 by des@des.at.des.thinksec.com on 2003/06/08 15:47:28

	Paranoia: clear buffers before returning.
	
	Submitted by:	Dmitry V. Levin <ldv@altlinux.org>

Affected files ...

.. //depot/projects/openpam/lib/openpam_ttyconv.c#21 edit

Differences ...

==== //depot/projects/openpam/lib/openpam_ttyconv.c#21 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#20 $
+ * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#21 $
  */
 
 #include <sys/types.h>
@@ -68,6 +68,7 @@
 	sigset_t saved_sigset, sigset;
 	unsigned int saved_alarm;
 	size_t len;
+	char *retval;
 
 	sigemptyset(&sigset);
 	sigaddset(&sigset, SIGINT);
@@ -89,14 +90,18 @@
 	sigaction(SIGALRM, &saved_action, NULL);
 	sigprocmask(SIG_SETMASK, &saved_sigset, NULL);
 	alarm(saved_alarm);
-	if (timed_out || ferror(stdin) || feof(stdin))
+	if (timed_out || ferror(stdin) || feof(stdin)) {
+		memset(buf, 0, sizeof(buf));
 		return (NULL);
+	}
 	/* trim trailing whitespace */
 	for (len = strlen(buf); len > 0; --len)
 		if (!isspace(buf[len - 1]))
 			break;
 	buf[len] = '\0';
-	return (strdup(buf));
+	retval = strdup(buf);
+	memset(buf, 0, sizeof(buf));
+	return (retval);
 }
 
 static char *
@@ -179,7 +184,10 @@
 	RETURNC(PAM_SUCCESS);
  fail:
 	while (i)
-		FREE(resp[--i]);
+		if (resp[--i]->resp) {
+			memset(resp[i]->resp, 0, strlen(resp[i]->resp));
+			FREE(resp[i]->resp);
+		}
 	FREE(*resp);
 	RETURNC(PAM_CONV_ERR);
 }