From: Sami Kerola <kerolasa@iki.fi>
Date: Fri, 13 Nov 2020 20:55:19 +0000 (+0000)
Subject: login: use explicit_bzero() to get rid of confidental memory
X-Git-Tag: v2.37-rc1~252
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0da0a5ed3bc17381b67ca1719367ce4ae4fa26b8;p=thirdparty%2Futil-linux.git

login: use explicit_bzero() to get rid of confidental memory

Earlier code was most probably correct, but it is best to be safe than sorry
when dealing with confidental data removals.

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---

diff --git a/login-utils/login.c b/login-utils/login.c
index 28ca8b41ae..4f0296c422 100644
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -1336,8 +1336,12 @@ static void initialize(int argc, char **argv, struct login_context *cxt)
 
 		/* Wipe the name - some people mistype their password here. */
 		/* (Of course we are too late, but perhaps this helps a little...) */
+#ifdef HAVE_EXPLICIT_BZERO
+		explicit_bzero(p, strlen(p));
+#else
 		while (*p)
 			*p++ = ' ';
+#endif
 	}
 
 	close_all_fds(wanted_fds, ARRAY_SIZE(wanted_fds));