Date:      Sun, 8 Jun 2003 15:47:31 -0700 (PDT)
From:      Dag-Erling Smorgrav <des@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 32819 for review
Message-ID:  <200306082247.h58MlVPJ007808@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=32819

Change 32819 by des@des.at.des.thinksec.com on 2003/06/08 15:47:28

	Paranoia: clear buffers before returning.
	
	Submitted by:	Dmitry V. Levin <ldv@altlinux.org>

Affected files ...

.. //depot/projects/openpam/lib/openpam_ttyconv.c#21 edit

Differences ...

==== //depot/projects/openpam/lib/openpam_ttyconv.c#21 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#20 $
+ * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#21 $
  */
 
 #include <sys/types.h>
@@ -68,6 +68,7 @@
 	sigset_t saved_sigset, sigset;
 	unsigned int saved_alarm;
 	size_t len;
+	char *retval;
 
 	sigemptyset(&sigset);
 	sigaddset(&sigset, SIGINT);
@@ -89,14 +90,18 @@
 	sigaction(SIGALRM, &saved_action, NULL);
 	sigprocmask(SIG_SETMASK, &saved_sigset, NULL);
 	alarm(saved_alarm);
-	if (timed_out || ferror(stdin) || feof(stdin))
+	if (timed_out || ferror(stdin) || feof(stdin)) {
+		memset(buf, 0, sizeof(buf));
 		return (NULL);
+	}
 	/* trim trailing whitespace */
 	for (len = strlen(buf); len > 0; --len)
 		if (!isspace(buf[len - 1]))
 			break;
 	buf[len] = '\0';
-	return (strdup(buf));
+	retval = strdup(buf);
+	memset(buf, 0, sizeof(buf));
+	return (retval);
 }
 
 static char *
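Review bot: The `memset(buf, 0, sizeof(buf))` calls added before both returns write to a buffer that is never read again, so an optimizing compiler may drop them as dead stores if `buf` is a local array (its declaration is outside this hunk). A clearing call the compiler must keep, such as `explicit_bzero(buf, sizeof(buf));` where the platform provides it, would make the scrub reliable. The same applies to the `memset` placed before `FREE` in the last hunk. The `strdup` copy handed back still holds the response, so a comment above the final return like `/* caller must clear and free the returned string */` would record who is responsible for scrubbing it. The function begins above this hunk, so the read path itself is not reviewed here.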
@@ -179,7 +184,10 @@
 	RETURNC(PAM_SUCCESS);
  fail:
 	while (i)
-		FREE(resp[--i]);
+		if (resp[--i]->resp) {
+			memset(resp[i]->resp, 0, strlen(resp[i]->resp));
+			FREE(resp[i]->resp);
+		}
 	FREE(*resp);
 	RETURNC(PAM_CONV_ERR);
 }
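Review bot: The cleanup loop dereferences `resp[i]->resp` for every index, but the line after it releases `*resp` as a single allocation, and the two do not agree on the layout. If `*resp` is one array of responses (the allocation is outside this hunk, so this is inferred), the elements are `(*resp)[i].resp`, and `resp[i]` for i > 0 reads past the caller's pointer. If instead each `resp[i]` is its own allocation, then `FREE(*resp)` releases only the first one. The loop would also read more safely with braces around the `while` body, since the decrement in `resp[--i]` inside the `if` condition is what advances it.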


