sulogin: use explicit_bzero() for buffer with password
authorKarel Zak <kzak@redhat.com>
Wed, 16 Jun 2021 13:39:32 +0000 (15:39 +0200)
committerKarel Zak <kzak@redhat.com>
Wed, 16 Jun 2021 13:39:32 +0000 (15:39 +0200)
Reported-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
login-utils/sulogin.c

index 946c48cb53a337ef7a3857e73acfac712145b8ee..11ec2f738f12f33c6b8d21db8b721c0d85ebfed4 100644 (file)
@@ -81,6 +81,8 @@ static struct sigaction saved_sigchld;
 static volatile sig_atomic_t alarm_rised;
 static volatile sig_atomic_t sigchild;
 
+#define SULOGIN_PASSWORD_BUFSIZ        128
+
 #ifndef IUCLC
 # define IUCLC         0
 #endif
@@ -658,13 +660,13 @@ notty:
  * Ask for the password. Note that there is no default timeout as we normally
  * skip this during boot.
  */
-static const char *getpasswd(struct console *con)
+static char *getpasswd(struct console *con)
 {
        struct sigaction sa;
        struct termios tty;
-       static char pass[128], *ptr;
+       static char pass[SULOGIN_PASSWORD_BUFSIZ], *ptr;
        struct chardata *cp;
-       const char *ret = NULL;
+       char *ret = NULL;
        unsigned char tc;
        char c, ascval;
        int eightbit;
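Review bot: The comment above getpasswd() still covers only the prompt and the timeout, but the switch to a non-const `char *` return adds a caller obligation that is written down nowhere. The caller now receives a pointer into the static `pass` buffer and is expected to erase it. I would extend the comment with `Returns a pointer to a static buffer of SULOGIN_PASSWORD_BUFSIZ bytes; the caller must explicit_bzero() it as soon as the password has been checked. On failure the buffer is wiped here and NULL is returned.` The function body continues outside this hunk, so the failure-path sentence should be checked against every jump to `out:`.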
@@ -773,6 +775,8 @@ quit:
        tcfinal(con);
        printf("\r\n");
 out:
+       if (ret == NULL)
+               explicit_bzero(pass, sizeof(pass));
        return ret;
 }
 
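Review bot: explicit_bzero() at the `out:` label is a glibc/BSD extension rather than ISO C or POSIX, and nothing on this page shows a configure check or a fallback for C libraries that lack it. If the tree has none, this should be paired with a configure-time test and a replacement the compiler cannot elide, since a plain memset() fallback would quietly lose the guarantee the commit is after. Note also that the wipe runs only when `ret == NULL`; on success the password stays in static storage until main() erases it, so the two call-site wipes are load-bearing.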
@@ -1042,7 +1046,7 @@ int main(int argc, char **argv)
                        setup(con);
                        while (1) {
                                const char *passwd = pwd->pw_passwd;
-                               const char *answer;
+                               char *answer;
                                int doshell = 0;
                                int deny = !opt_e && locked_account_password(pwd->pw_passwd);
 
@@ -1050,8 +1054,10 @@ int main(int argc, char **argv)
 
                                if ((answer = getpasswd(con)) == NULL)
                                        break;
-                               if (deny)
+                               if (deny) {
+                                       explicit_bzero(answer, SULOGIN_PASSWORD_BUFSIZ);
                                        exit(EXIT_FAILURE);
+                               }
 
                                /* no password or locked account */
                                if (!passwd[0] || locked_account_password(passwd))
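Review bot: The wipe on the deny path, `explicit_bzero(answer, SULOGIN_PASSWORD_BUFSIZ)`, and the identical call in the next hunk before the `doshell` test both hard-code a length. That length is correct only while getpasswd() returns the start of its full-size static buffer. This ties each call site to getpasswd()'s internal storage, and a later early exit or new caller can skip the wipe with no help from the compiler. A one-line helper next to getpasswd(), such as `static void erase_passwd(char *p) { explicit_bzero(p, SULOGIN_PASSWORD_BUFSIZ); }`, would keep the length in one place and make a missing wipe easier to grep for. The lines between the deny check and the later wipe are not all visible here, so it is worth confirming that no path in between leaves the loop with the buffer still populated.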
@@ -1065,6 +1071,8 @@ int main(int argc, char **argv)
                                                doshell++;
                                }
 
+                               explicit_bzero(answer, SULOGIN_PASSWORD_BUFSIZ);
+
                                if (doshell) {
                                        /* sushell() unmask signals */
                                        sushell(pwd);