if (nr < 0)
pw_error(orig_file, 1, 1);
+#ifdef HAVE_EXPLICIT_BZERO
+ explicit_bzero(buf, sizeof(buf));
+#endif
}
static void pw_init(void)
if (!pid) {
execlp(editor, p, tmp_file, NULL);
- /* Shouldn't get here */
- _exit(EXIT_FAILURE);
+ errexec(editor);
}
for (;;) {
pid = waitpid(pid, &pstat, WUNTRACED);
if (lckpwdf() < 0)
err(EXIT_FAILURE, _("cannot get lock"));
- passwd_file = open(orig_file, O_RDONLY, 0);
+ passwd_file = open(orig_file, O_RDONLY | O_CLOEXEC, 0);
if (passwd_file < 0)
err(EXIT_FAILURE, _("cannot open %s"), orig_file);
tmp_fd = pw_tmpfile(passwd_file);
if (end.st_nlink == 0) {
if (close_stream(tmp_fd) != 0)
err(EXIT_FAILURE, _("write error"));
- tmp_fd = fopen(tmp_file, "r");
+ tmp_fd = fopen(tmp_file, "r" UL_CLOEXECSTR);
if (!tmp_fd)
err(EXIT_FAILURE, _("cannot open %s"), tmp_file);
if (fstat(fileno(tmp_fd), &end))