sulogin: use explicit_bzero() for buffer with password
authorKarel Zak <kzak@redhat.com>
Wed, 16 Jun 2021 13:39:32 +0000 (15:39 +0200)
committerKarel Zak <kzak@redhat.com>
Tue, 20 Jul 2021 09:20:17 +0000 (11:20 +0200)
Reported-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
login-utils/sulogin.c

index 6ed63f1a07d79464d1f22ddbdf05e7fe4db402f2..d7350b071f2adb663338953bba85a21076f73cec 100644 (file)
@@ -80,6 +80,8 @@ static struct sigaction saved_sigchld;
 static volatile sig_atomic_t alarm_rised;
 static volatile sig_atomic_t sigchild;
 
+#define SULOGIN_PASSWORD_BUFSIZ        128
+
 #ifndef IUCLC
 # define IUCLC         0
 #endif
@@ -602,13 +604,13 @@ static void setup(struct console *con)
  * Ask for the password. Note that there is no default timeout as we normally
  * skip this during boot.
  */
-static const char *getpasswd(struct console *con)
+static char *getpasswd(struct console *con)
 {
        struct sigaction sa;
        struct termios tty;
-       static char pass[128], *ptr;
+       static char pass[SULOGIN_PASSWORD_BUFSIZ], *ptr;
        struct chardata *cp;
-       const char *ret = pass;
+       char *ret = NULL;
        unsigned char tc;
        char c, ascval;
        int eightbit;
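Review bot: The comment above getpasswd() does not state the new ownership rule. With the return type changed from `const char *` to `char *`, the caller is expected to wipe the returned buffer, but only the call sites in main() show this. I would extend the comment with `Returns a pointer to a static buffer of SULOGIN_PASSWORD_BUFSIZ bytes, or NULL; the caller must explicit_bzero() it once the password has been checked.` Since `ret` now starts as NULL, the success path presumably assigns it further down; the function body continues outside this hunk.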
@@ -711,6 +713,8 @@ quit:
        tcfinal(con);
        printf("\r\n");
 out:
+       if (ret == NULL)
+               explicit_bzero(pass, sizeof(pass));
        return ret;
 }
 
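Review bot: No configure check or fallback for explicit_bzero() is visible in this commit, which touches only login-utils/sulogin.c. If the tree does not already provide one, the call at `out:` and the two calls in main() will fail to build on C libraries that lack the function. Any fallback should not be a plain `memset()`, because the compiler may drop a store to a buffer it considers dead, which would undo the purpose of the change. The start of getpasswd() is outside this hunk.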
@@ -977,7 +981,7 @@ int main(int argc, char **argv)
                        setup(con);
                        while (1) {
                                const char *passwd = pwd->pw_passwd;
-                               const char *answer;
+                               char *answer;
                                int doshell = 0;
                                int deny = !opt_e && locked_account_password(pwd->pw_passwd);
 
@@ -985,8 +989,10 @@ int main(int argc, char **argv)
 
                                if ((answer = getpasswd(con)) == NULL)
                                        break;
-                               if (deny)
+                               if (deny) {
+                                       explicit_bzero(answer, SULOGIN_PASSWORD_BUFSIZ);
                                        exit(EXIT_FAILURE);
+                               }
 
                                /* no password or locked account */
                                if (!passwd[0] || locked_account_password(passwd))
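Review bot: The wipe length `SULOGIN_PASSWORD_BUFSIZ` is written out by hand in the `deny` branch here and again in the hunk at -1000,6, so main() has to know the size of getpasswd()'s private static buffer. Because `answer` is a plain pointer, `sizeof` cannot be used, and a later call site could easily pass a different length or forget the wipe. A small helper next to getpasswd(), for example `static void wipe_passwd(char *p) { explicit_bzero(p, SULOGIN_PASSWORD_BUFSIZ); }`, would keep the size in one place. The loop body continues outside this hunk.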
@@ -1000,6 +1006,8 @@ int main(int argc, char **argv)
                                                doshell++;
                                }
 
+                               explicit_bzero(answer, SULOGIN_PASSWORD_BUFSIZ);
+
                                if (doshell) {
                                        /* sushell() unmask signals */
                                        sushell(pwd);