sulogin: use explicit_bzero() for buffer with password

Reported-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>

login-utils/sulogin.c

@@ -80,6 +80,8 @@ static struct sigaction saved_sigchld;
 static volatile sig_atomic_t alarm_rised;
 static volatile sig_atomic_t sigchild;
 
+#define SULOGIN_PASSWORD_BUFSIZ	128
+
 #ifndef IUCLC
 # define IUCLC		0
 #endif
@@ -602,13 +604,13 @@ static void setup(struct console *con)
  * Ask for the password. Note that there is no default timeout as we normally
  * skip this during boot.
  */
-static const char *getpasswd(struct console *con)
+static char *getpasswd(struct console *con)
 {
 	struct sigaction sa;
 	struct termios tty;
-	static char pass[128], *ptr;
+	static char pass[SULOGIN_PASSWORD_BUFSIZ], *ptr;
 	struct chardata *cp;
-	const char *ret = pass;
+	char *ret = NULL;
 	unsigned char tc;
 	char c, ascval;
 	int eightbit;
@@ -711,6 +713,8 @@ quit:
 	tcfinal(con);
 	printf("\r\n");
 out:
+	if (ret == NULL)
+		explicit_bzero(pass, sizeof(pass));
 	return ret;
 }
 
@@ -977,7 +981,7 @@ int main(int argc, char **argv)
 			setup(con);
 			while (1) {
 				const char *passwd = pwd->pw_passwd;
-				const char *answer;
+				char *answer;
 				int doshell = 0;
 				int deny = !opt_e && locked_account_password(pwd->pw_passwd);
 
@@ -985,8 +989,10 @@ int main(int argc, char **argv)
 
 				if ((answer = getpasswd(con)) == NULL)
 					break;
-				if (deny)
+				if (deny) {
+					explicit_bzero(answer, SULOGIN_PASSWORD_BUFSIZ);
 					exit(EXIT_FAILURE);
+				}
 
 				/* no password or locked account */
 				if (!passwd[0] || locked_account_password(passwd))
@@ -1000,6 +1006,8 @@ int main(int argc, char **argv)
 						doshell++;
 				}
 
+				explicit_bzero(answer, SULOGIN_PASSWORD_BUFSIZ);
+
 				if (doshell) {
 					/* sushell() unmask signals */
 					sushell(pwd);