Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/patchsets/pam_skey/1.1.5/05_all_delete_response.patch
diff options
context:
space:
mode:
Diffstat (limited to 'patchsets/pam_skey/1.1.5/05_all_delete_response.patch')
-rw-r--r--patchsets/pam_skey/1.1.5/05_all_delete_response.patch21
1 files changed, 21 insertions, 0 deletions
diff --git a/patchsets/pam_skey/1.1.5/05_all_delete_response.patch b/patchsets/pam_skey/1.1.5/05_all_delete_response.patch
new file mode 100644
index 0000000..1e45f25
--- /dev/null
+++ b/patchsets/pam_skey/1.1.5/05_all_delete_response.patch
@@ -0,0 +1,21 @@
+https://bugs.gentoo.org/482588
+Erase cleartext passwords from memory (CVE-2013-4285).
+
+--- pam_skey-1.1.5/pam_skey.c
++++ pam_skey/pam_skey.c
+@@ -129,6 +129,7 @@
+ }
+ if (strcasecmp(response,"s/key")!=0) {
+ status = pam_set_item(pamh, PAM_AUTHTOK, response);
++ _pam_delete(response);
+ if (status != PAM_SUCCESS)
+ return status;
+ return PAM_IGNORE;
+@@ -176,6 +177,7 @@
+ }
+
+ status = pam_set_item(pamh, PAM_AUTHTOK, response);
++ _pam_delete(response);
+ return PAM_IGNORE;
+ }
+