https://bugs.gentoo.org/482588
Erase cleartext passwords from memory (CVE-2013-4285).

--- pam_skey-1.1.5/pam_skey.c
+++ pam_skey/pam_skey.c
@@ -129,6 +129,7 @@
     }
     if (strcasecmp(response,"s/key")!=0) {
       status = pam_set_item(pamh, PAM_AUTHTOK, response);
+      _pam_delete(response);
       if (status != PAM_SUCCESS)
 	return status;
       return PAM_IGNORE;
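Review bot: The wipe added after `pam_set_item()` in this branch is only as strong as the definition of `_pam_delete`, which the patch does not show. If it is the usual overwrite-then-free macro built on a plain store loop, the compiler may drop the zeroing because the buffer is freed immediately afterwards, so it is worth confirming that the PAM headers used for this build back it with a non-elidable wipe such as `explicit_bzero`. The same applies to the call added in the second hunk. A short comment would also record why freeing here is safe, e.g. `/* pam_set_item() stores its own copy of PAM_AUTHTOK; wipe and free the conversation buffer */`. The enclosing function starts and ends outside the hunk, so whether the `"s/key"` path and any earlier returns also release `response` cannot be checked from here.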
@@ -176,6 +177,7 @@
   }
 
   status = pam_set_item(pamh, PAM_AUTHTOK, response);
+  _pam_delete(response);
   return PAM_IGNORE;
 }
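Review bot: `status` is assigned from `pam_set_item()` and then discarded, so the function returns `PAM_IGNORE` even when storing the token failed, unlike the first hunk, which returns `status` on failure. Since this spot is being touched anyway, consider adding `if (status != PAM_SUCCESS) return status;` after the new `_pam_delete(response);` line, which keeps the wipe on the error path as well. If ignoring the failure is intentional, a one-line comment saying so would help the next reader. The function body begins outside the hunk.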