authorChristian Göttsche <cgzones@googlemail.com>2023-01-30 17:56:58 +0100
committerChristian Göttsche <cgzones@googlemail.com>2023-02-28 15:13:15 +0100
commitbcba17939e1b1a568cd4a764534cde74d37078cc (patch)
tree4f3630f53cd52c2afa59435f5d36db260c1bf4a1 /modules/pam_mail
parent87ff7a12a55c38873905636eb8d29b4542d828f5 (diff)
modules: make use of secure memory erasure
Use empty initialization of structs to minimize the memset() usage, to reduce the number of calls which do not handle sensitive data. Non-trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase response on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes
Diffstat (limited to 'modules/pam_mail')
-rw-r--r--modules/pam_mail/pam_mail.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c
index 7eb94fc7..2b77e560 100644
--- a/modules/pam_mail/pam_mail.c
+++ b/modules/pam_mail/pam_mail.c
@@ -169,7 +169,7 @@ get_folder(pam_handle_t *pamh, int ctrl,
hash[2 * i] = '\0';
rc = asprintf(&folder, MAIL_FILE_FORMAT, path, hash, pwd->pw_name);
- _pam_overwrite(hash);
+ pam_overwrite_string(hash);
_pam_drop(hash);
if (rc < 0)
goto get_folder_cleanup;
@@ -211,7 +211,7 @@ get_mail_status(pam_handle_t *pamh, int ctrl, const char *folder)
}
i = scandir(dir, &namelist, 0, alphasort);
save_errno = errno;
- _pam_overwrite(dir);
+ pam_overwrite_string(dir);
_pam_drop(dir);
if (i < 0) {
type = 0;
@@ -232,7 +232,7 @@ get_mail_status(pam_handle_t *pamh, int ctrl, const char *folder)
}
i = scandir(dir, &namelist, 0, alphasort);
save_errno = errno;
- _pam_overwrite(dir);
+ pam_overwrite_string(dir);
_pam_drop(dir);
if (i < 0) {
type = 0;
@@ -264,7 +264,7 @@ get_mail_status(pam_handle_t *pamh, int ctrl, const char *folder)
}
get_mail_status_cleanup:
- memset(&mail_st, 0, sizeof(mail_st));
+ pam_overwrite_object(&mail_st);
D(("user has %d mail in %s folder", type, folder));
return type;
}
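Review bot: The erase at `get_mail_status_cleanup` carries no comment saying why `mail_st` needs a wipe the compiler cannot elide, while the commit description states the aim of reducing erasure calls on data that is not sensitive. `mail_st` is declared outside the hunk; if it is the `struct stat` of the mail folder, it presumably holds only size and timestamp metadata. Either add a comment such as `/* scrub mailbox metadata before returning */` above the call, or drop the wipe and rely on empty initialization as the description proposes for non-sensitive structs. get_mail_status starts outside the hunk.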
@@ -415,7 +415,7 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc,
}
D(("setting env: %s", tmp));
retval = pam_putenv(pamh, tmp);
- _pam_overwrite(tmp);
+ pam_overwrite_string(tmp);
_pam_drop(tmp);
if (retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_CRIT,
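Review bot: The wipe of `tmp` after `pam_putenv()` clears only this temporary buffer, because `pam_putenv()` keeps its own copy of the string in the PAM environment, and the `D(("setting env: %s", tmp))` line above prints it when debug output is compiled in. A comment would keep readers from assuming the value is gone from process memory, e.g. `/* pam_putenv() stored a copy; this clears only our temporary */`. The same likely applies to `folder` at `do_mail_cleanup` in the last hunk, if the exported value was built from it (not visible here). _do_mail starts and ends outside the hunk.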
@@ -457,7 +457,7 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc,
(void) pam_putenv(pamh, MAIL_ENV_NAME);
do_mail_cleanup:
- _pam_overwrite(folder);
+ pam_overwrite_string(folder);
_pam_drop(folder);
/* indicate success or failure */