diff options
| author |   Ulrich Müller <ulm@gentoo.org> | 2013-08-26 21:40:12 +0200 |
|---|---|---|
| committer | Ulrich Müller <ulm@gentoo.org> | 2013-08-27 07:04:02 +0200 |
| commit | 6dad3beedac1a440cb24341d42abdfeafffde790 (patch) | |
| tree | d748091af43ed3636fc3152f85fa9d9e9e499ff1 | |
| parent | Improve handling of skey_haskey return status. (diff) | |
| download | ulm-6dad3beedac1a440cb24341d42abdfeafffde790.tar.gz ulm-6dad3beedac1a440cb24341d42abdfeafffde790.tar.bz2 ulm-6dad3beedac1a440cb24341d42abdfeafffde790.zip | |
Erase cleartext passwords from memory, bug 482588.pam_skey-1.1.5-patches-6
| -rw-r--r-- | patchsets/pam_skey/1.1.5/05_all_delete_response.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/patchsets/pam_skey/1.1.5/05_all_delete_response.patch b/patchsets/pam_skey/1.1.5/05_all_delete_response.patch new file mode 100644 index 0000000..1e45f25 --- /dev/null +++ b/patchsets/pam_skey/1.1.5/05_all_delete_response.patch @@ -0,0 +1,21 @@ +https://bugs.gentoo.org/482588 +Erase cleartext passwords from memory (CVE-2013-4285). + +--- pam_skey-1.1.5/pam_skey.c ++++ pam_skey/pam_skey.c +@@ -129,6 +129,7 @@ + } + if (strcasecmp(response,"s/key")!=0) { + status = pam_set_item(pamh, PAM_AUTHTOK, response); ++ _pam_delete(response); + if (status != PAM_SUCCESS) + return status; + return PAM_IGNORE; +@@ -176,6 +177,7 @@ + } + + status = pam_set_item(pamh, PAM_AUTHTOK, response); ++ _pam_delete(response); + return PAM_IGNORE; + } + |