[hackers] [ubase] su: zero out encrypted passwords || Jakob Kramer

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: <git_AT_suckless.org>
Date: Wed, 30 Apr 2014 14:26:02 +0200

commit b6e4a367e2605da98d418bebcd44a2d0f913dab1
Author: Jakob Kramer <jakob.kramer_AT_gmx.de>
Date: Wed Apr 30 14:15:26 2014 +0200

    su: zero out encrypted passwords

diff --git a/su.c b/su.c
index c93d9c8..d24157a 100644
--- a/su.c
+++ b/su.c
_AT_@ -86,6 +86,8 @@ main(int argc, char *argv[])

                 if (strcmp(cryptpass, spw->sp_pwdp) != 0)
                         eprintf(randreply());
+ explicit_bzero(cryptpass, strlen(cryptpass));
+ explicit_bzero(spw, sizeof *spw);
         }

         errno = 0;
Received on Wed Apr 30 2014 - 14:26:02 CEST

This archive was generated by hypermail 2.3.0 : Wed Apr 30 2014 - 14:36:08 CEST