[PATCH] su: zero out encrypted passwords

From: Jakob Kramer <jakob.kramer_AT_gmx.de>
Date: Wed, 30 Apr 2014 14:15:26 +0200

---
 su.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/su.c b/su.c
index d51b1ae..7720c60 100644
--- a/su.c
+++ b/su.c
_AT_@ -86,6 +86,8 @@ main(int argc, char *argv[])
 
 		if (strcmp(cryptpass, spw->sp_pwdp) != 0)
 			eprintf(randreply());
+		explicit_bzero(cryptpass, strlen(cryptpass));
+		explicit_bzero(spw, sizeof *spw);
 	}
 
 	errno = 0;
-- 
1.8.5.1
--------------070500050705090806040909--
Received on Mon Sep 17 2001 - 00:00:00 CEST

This archive was generated by hypermail 2.3.0 : Wed Apr 30 2014 - 15:12:03 CEST