upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-11 09:41:03 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

init: use explicit_bzero() for clearing passwords

Browse source 
This is a nop in practice, because it cannot be proven that this
particular bzero() is not significant.  Make it explicit anyways, rather
than relying on an implementation detail of how the password is
collected.

Discussed with:	Andrew Gierth <andrew tao146 riddles org uk>

(cherry picked from commit 852f70b240)
This commit is contained in:
Kyle Evans 2021-03-02 21:38:37 -06:00
parent f7488064d9
commit 223d6caabd
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sbin/init/init.c
View file

@ -908,7 +908,7 @@ single_user(void)
if (clear == NULL || *clear == '\0')
_exit(0);
password = crypt(clear, pp->pw_passwd);
bzero(clear, _PASSWORD_LEN);
explicit_bzero(clear, _PASSWORD_LEN);
if (password != NULL &&
strcmp(password, pp->pw_passwd) == 0)
break;