From 0da0a5ed3bc17381b67ca1719367ce4ae4fa26b8 Mon Sep 17 00:00:00 2001
From: Sami Kerola
Date: Fri, 13 Nov 2020 20:55:19 +0000
Subject: [PATCH] login: use explicit_bzero() to get rid of confidental memory

Earlier code was most probably correct, but it is best to be safe than sorry when dealing with confidental data removals.

Signed-off-by: Sami Kerola
---
 login-utils/login.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/login-utils/login.c b/login-utils/login.c
index 28ca8b41ae..4f0296c422 100644
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -1336,8 +1336,12 @@ static void initialize(int argc, char **argv, struct login_context *cxt)
 /* Wipe the name - some people mistype their password here. */
 /* (Of course we are too late, but perhaps this helps a little...) */
+#ifdef HAVE_EXPLICIT_BZERO
+ explicit_bzero(p, strlen(p));
+#else
 while (*p)
 *p++ = ' ';
+#endif
 }
 close_all_fds(wanted_fds, ARRAY_SIZE(wanted_fds));
-- 
2.47.2
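Review bot: The two branches of the added `#ifdef HAVE_EXPLICIT_BZERO` do not leave the same result, so what remains in the argument string depends on the build configuration. `explicit_bzero(p, strlen(p))` fills the name with NUL bytes and leaves `p` at the start, while the `#else` loop writes spaces and advances `p` to the terminator. If the difference is intended, record it next to the existing comments, for example `/* explicit_bzero() zero-fills the name; the fallback overwrites it with spaces */`. The wipe covers only this one string, so any copy of the name taken earlier in initialize() is untouched, which the existing "we are too late" comment already hints at. The body of initialize() starts and ends outside the hunk, so whether `p` is read again after the wipe cannot be confirmed from here.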