Date: Sun, 8 Jun 2003 15:47:31 -0700 (PDT) From: Dag-Erling Smorgrav <des@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 32819 for review Message-ID: <200306082247.h58MlVPJ007808@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=32819 Change 32819 by des@des.at.des.thinksec.com on 2003/06/08 15:47:28 Paranoia: clear buffers before returning. Submitted by: Dmitry V. Levin <ldv@altlinux.org> Affected files ... .. //depot/projects/openpam/lib/openpam_ttyconv.c#21 edit Differences ... ==== //depot/projects/openpam/lib/openpam_ttyconv.c#21 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#20 $ + * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#21 $ */ #include <sys/types.h> @@ -68,6 +68,7 @@ sigset_t saved_sigset, sigset; unsigned int saved_alarm; size_t len; + char *retval; sigemptyset(&sigset); sigaddset(&sigset, SIGINT); @@ -89,14 +90,18 @@ sigaction(SIGALRM, &saved_action, NULL); sigprocmask(SIG_SETMASK, &saved_sigset, NULL); alarm(saved_alarm); - if (timed_out || ferror(stdin) || feof(stdin)) + if (timed_out || ferror(stdin) || feof(stdin)) { + memset(buf, 0, sizeof(buf)); return (NULL); + } /* trim trailing whitespace */ for (len = strlen(buf); len > 0; --len) if (!isspace(buf[len - 1])) break; buf[len] = '\0'; - return (strdup(buf)); + retval = strdup(buf); + memset(buf, 0, sizeof(buf)); + return (retval); } static char * @@ -179,7 +184,10 @@ RETURNC(PAM_SUCCESS); fail: while (i) - FREE(resp[--i]); + if (resp[--i]->resp) { + memset(resp[i]->resp, 0, strlen(resp[i]->resp)); + FREE(resp[i]->resp); + } FREE(*resp); RETURNC(PAM_CONV_ERR); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200306082247.h58MlVPJ007808>