ericonr
/
util-linux
mirror of https://github.com/ericonr/util-linux.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

login: use explicit_bzero() to get rid of confidental memory 

Earlier code was most probably correct, but it is best to be safe than sorry
when dealing with confidental data removals.

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This commit is contained in:
Sami Kerola 2020-11-13 20:55:19 +00:00
parent 5dd0896aa8
commit 0da0a5ed3b
No known key found for this signature in database
GPG Key ID: 0D46FEF7E61DBB46
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
login-utils/login.c
View File

@ -1336,8 +1336,12 @@ static void initialize(int argc, char **argv, struct login_context *cxt)
/* Wipe the name - some people mistype their password here. */
/* (Of course we are too late, but perhaps this helps a little...) */
#ifdef HAVE_EXPLICIT_BZERO
explicit_bzero(p, strlen(p));
#else
while (*p)
*p++ = ' ';
#endif
}
close_all_fds(wanted_fds, ARRAY_SIZE(wanted_fds));