From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 19 Jan 2025 20:27:50 +0000 (+0100)
Subject: src/gpasswd: Clear password in more cases
X-Git-Tag: 4.17.3~61
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=6b4bbbeecd676c9423f82658bb3a8f6990218e8d;p=thirdparty%2Fshadow.git

src/gpasswd: Clear password in more cases

If encryption of password fails, clear the memory before exiting.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/src/gpasswd.c b/src/gpasswd.c
index 560b0ea79..e9e111a9f 100644
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -864,13 +864,13 @@ static void change_passwd (struct group *gr)
 
 	salt = crypt_make_salt (NULL, NULL);
 	cp = pw_encrypt (pass, salt);
+	MEMZERO(pass);
 	if (NULL == cp) {
 		fprintf (stderr,
 		         _("%s: failed to crypt password with salt '%s': %s\n"),
 		         Prog, salt, strerror (errno));
 		exit (1);
 	}
-	MEMZERO(pass);
 #ifdef SHADOWGRP
 	if (is_shadowgrp) {
 		gr->gr_passwd = SHADOW_PASSWD_STRING;