Erase cleartext passwords from memory, bug 482588.pam_skey-1.1.5-patches-6

author: Ulrich Müller <ulm@gentoo.org> 2013-08-26 21:40:12 +0200
committer: Ulrich Müller <ulm@gentoo.org> 2013-08-27 07:04:02 +0200
commit: 6dad3beedac1a440cb24341d42abdfeafffde790 (patch)
tree: d748091af43ed3636fc3152f85fa9d9e9e499ff1
parent: Improve handling of skey_haskey return status. (diff)
download: ulm-pam_skey-1.1.5-patches-6.tar.gz
ulm-pam_skey-1.1.5-patches-6.tar.bz2
ulm-pam_skey-1.1.5-patches-6.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/patchsets/pam_skey/1.1.5/05_all_delete_response.patch b/patchsets/pam_skey/1.1.5/05_all_delete_response.patch
new file mode 100644
index 0000000..1e45f25
--- /dev/null
+++ b/patchsets/pam_skey/1.1.5/05_all_delete_response.patch
@@ -0,0 +1,21 @@
+https://bugs.gentoo.org/482588
+Erase cleartext passwords from memory (CVE-2013-4285).
+
+--- pam_skey-1.1.5/pam_skey.c
++++ pam_skey/pam_skey.c
+@@ -129,6 +129,7 @@
+     }
+     if (strcasecmp(response,"s/key")!=0) {
+       status = pam_set_item(pamh, PAM_AUTHTOK, response);
++      _pam_delete(response);
+       if (status != PAM_SUCCESS)
+ 	return status;
+       return PAM_IGNORE;
+@@ -176,6 +177,7 @@
+   }
+ 
+   status = pam_set_item(pamh, PAM_AUTHTOK, response);
++  _pam_delete(response);
+   return PAM_IGNORE;
+ }
+
author	Ulrich Müller <ulm@gentoo.org>	2013-08-26 21:40:12 +0200
committer	Ulrich Müller <ulm@gentoo.org>	2013-08-27 07:04:02 +0200
commit	6dad3beedac1a440cb24341d42abdfeafffde790 (patch)
tree	d748091af43ed3636fc3152f85fa9d9e9e499ff1
parent	Improve handling of skey_haskey return status. (diff)
download	ulm-pam_skey-1.1.5-patches-6.tar.gz ulm-pam_skey-1.1.5-patches-6.tar.bz2 ulm-pam_skey-1.1.5-patches-6.zip