commit 37bd6612bdffabe6d8a588b391bd353c39497abb
parent 39c5d01f30a99d94dc89411a8e1ab103e2fc3074
Author: tedu <tedu>
Date: Thu, 17 Jan 2019 05:35:35 +0000
clear the password even after a mismatch
Diffstat:
1 file changed, 1 insertion(+), 0 deletions(-)
diff --git a/doas.c b/doas.c
@@ -234,6 +234,7 @@ authuser(char *myname, char *login_style, int persist)
errx(1, "a tty is required");
}
if (!auth_userresponse(as, response, 0)) {
+ explicit_bzero(rbuf, sizeof(rbuf));
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed auth for %s", myname);
errx(1, "Authorization failed");
