login: use explicit_bzero() to get rid of confidental memory
Earlier code was most probably correct, but it is best to be safe than sorry when dealing with confidental data removals. Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This commit is contained in:
parent
5dd0896aa8
commit
0da0a5ed3b
|
@ -1336,8 +1336,12 @@ static void initialize(int argc, char **argv, struct login_context *cxt)
|
|||
|
||||
/* Wipe the name - some people mistype their password here. */
|
||||
/* (Of course we are too late, but perhaps this helps a little...) */
|
||||
#ifdef HAVE_EXPLICIT_BZERO
|
||||
explicit_bzero(p, strlen(p));
|
||||
#else
|
||||
while (*p)
|
||||
*p++ = ' ';
|
||||
#endif
|
||||
}
|
||||
|
||||
close_all_fds(wanted_fds, ARRAY_SIZE(wanted_fds));
|
||||
|
|
Loading…
Reference in New Issue