opendoas

my fork of doas with custom prompt
git clone git://git.kocotian.pl/opendoas.git

commit a283d2f0e2569329bd13f97d2d61f7556ea51b30
parent 37bd6612bdffabe6d8a588b391bd353c39497abb
Author: Duncaen <mail@duncano.de>
Date:   Wed, 30 Jan 2019 23:17:49 +0100

shadow: clear the password even after a mismatch

Diffstat:
Mshadow.c | 9+++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/shadow.c b/shadow.c
@@ -64,9 +64,14 @@ shadowauth(const char *myname, int persist)
 "tty required for %s", myname);
 errx(1, "a tty is required");
 }
- if ((encrypted = crypt(response, hash)) == NULL)
- err(1, "crypt");
+ if (response == NULL)
+ err(1, "readpassphrase");
+ if ((encrypted = crypt(response, hash)) == NULL) {
+ explicit_bzero(rbuf, sizeof(rbuf));
+ errx(1, "Authorization failed");
+ }
 if (strcmp(encrypted, hash) != 0) {
+ explicit_bzero(rbuf, sizeof(rbuf));
 syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
 errx(1, "Authorization failed");
 }
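Review bot: The password buffer is now wiped separately in each failure branch, so any other exit from shadowauth() has to remember its own wipe; clearing once, right after crypt() returns, covers every later path: `encrypted = crypt(response, hash);` `explicit_bzero(rbuf, sizeof(rbuf));` `if (encrypted == NULL) errx(1, "Authorization failed");`. This assumes response points into rbuf (the readpassphrase call is above the hunk) and that crypt() returns its own storage, so the strcmp() no longer needs rbuf. The crypt() failure branch also exits without the syslog() call that the mismatch branch makes, so a rejected attempt on that path leaves no LOG_AUTHPRIV record; logging it the same way would keep the auth trail complete. The success path and the rest of shadowauth() lie outside the hunk, so whether rbuf is wiped there cannot be confirmed from here.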