emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

passwd: erase password copy on all error branches

Browse Source
This commit is contained in:
Christian Göttsche 2022-04-25 12:17:40 +02:00 committed by Serge Hallyn
parent edca359022
commit 58b6e97a9e
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/passwd.c
View File

@ -289,6 +289,7 @@ static int new_password (const struct passwd *pw)
cp = getpass (_("New password: ")); cp = getpass (_("New password: "));
if (NULL == cp) { if (NULL == cp) {
memzero (orig, sizeof orig); memzero (orig, sizeof orig);
memzero (pass, sizeof pass);
return -1; return -1;
} }
if (warned && (strcmp (pass, cp) != 0)) { if (warned && (strcmp (pass, cp) != 0)) {
@ -316,6 +317,7 @@ static int new_password (const struct passwd *pw)
cp = getpass (_("Re-enter new password: ")); cp = getpass (_("Re-enter new password: "));
if (NULL == cp) { if (NULL == cp) {
memzero (orig, sizeof orig); memzero (orig, sizeof orig);
memzero (pass, sizeof pass);
return -1; return -1;
} }
if (strcmp (cp, pass) != 0) { if (strcmp (cp, pass) != 0) {