summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2002-08-07 23:22:42 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2002-08-07 23:22:42 +0000
commitf6b92da41855e737bfb18b74f937f662af514bfa (patch)
tree50572950dbb9a716a8451ca31779dccb8f0d0f78
parent1c3b4444c373ba1a8b49b0b2460b04e0328d6fd4 (diff)
paranoia: zero out pw_passwd since we don't need it
-rw-r--r--usr.sbin/cron/atrun.c5
-rw-r--r--usr.sbin/cron/crontab.c6
-rw-r--r--usr.sbin/cron/database.c5
-rw-r--r--usr.sbin/cron/entry.c8
4 files changed, 14 insertions, 10 deletions
diff --git a/usr.sbin/cron/atrun.c b/usr.sbin/cron/atrun.c
index f3d8c148216..2129e3d14e9 100644
--- a/usr.sbin/cron/atrun.c
+++ b/usr.sbin/cron/atrun.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: atrun.c,v 1.2 2002/07/15 22:16:41 millert Exp $ */
+/* $OpenBSD: atrun.c,v 1.3 2002/08/07 23:22:41 millert Exp $ */
/*
* Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -28,7 +28,7 @@
*/
#if !defined(lint) && !defined(LINT)
-static const char rcsid[] = "$OpenBSD: atrun.c,v 1.2 2002/07/15 22:16:41 millert Exp $";
+static const char rcsid[] = "$OpenBSD: atrun.c,v 1.3 2002/08/07 23:22:41 millert Exp $";
#endif
#include "cron.h"
@@ -280,6 +280,7 @@ run_job(atjob *job, char *atfile)
log_it("CRON", getpid(), "ORPHANED JOB", atfile);
_exit(ERROR_EXIT);
}
+ bzero(pw->pw_passwd, strlen(pw->pw_passwd));
/* XXX - is this needed now that we do auth_approval? */
if (pw->pw_expire && time(NULL) >= pw->pw_expire) {
log_it(pw->pw_name, getpid(), "ACCOUNT EXPIRED, JOB ABORTED",
diff --git a/usr.sbin/cron/crontab.c b/usr.sbin/cron/crontab.c
index 48bcf3c4afc..a50048b9cec 100644
--- a/usr.sbin/cron/crontab.c
+++ b/usr.sbin/cron/crontab.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crontab.c,v 1.34 2002/07/15 19:13:29 millert Exp $ */
+/* $OpenBSD: crontab.c,v 1.35 2002/08/07 23:22:41 millert Exp $ */
/* Copyright 1988,1990,1993,1994 by Paul Vixie
* All rights reserved
*/
@@ -21,7 +21,7 @@
*/
#if !defined(lint) && !defined(LINT)
-static char const rcsid[] = "$OpenBSD: crontab.c,v 1.34 2002/07/15 19:13:29 millert Exp $";
+static char const rcsid[] = "$OpenBSD: crontab.c,v 1.35 2002/08/07 23:22:41 millert Exp $";
#endif
/* crontab - install and manage per-user crontab files
@@ -128,6 +128,7 @@ parse_args(int argc, char *argv[]) {
fprintf(stderr, "bailing out.\n");
exit(ERROR_EXIT);
}
+ bzero(pw->pw_passwd, strlen(pw->pw_passwd));
if (strlen(pw->pw_name) >= sizeof User) {
fprintf(stderr, "username too long\n");
exit(ERROR_EXIT);
@@ -155,6 +156,7 @@ parse_args(int argc, char *argv[]) {
ProgramName, optarg);
exit(ERROR_EXIT);
}
+ bzero(pw->pw_passwd, strlen(pw->pw_passwd));
if (strlen(optarg) >= sizeof User)
usage("username too long");
(void) strcpy(User, optarg);
diff --git a/usr.sbin/cron/database.c b/usr.sbin/cron/database.c
index 9e58b2e9f2c..f2e0bdaa927 100644
--- a/usr.sbin/cron/database.c
+++ b/usr.sbin/cron/database.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: database.c,v 1.9 2002/08/04 22:10:24 millert Exp $ */
+/* $OpenBSD: database.c,v 1.10 2002/08/07 23:22:41 millert Exp $ */
/* Copyright 1988,1990,1993,1994 by Paul Vixie
* All rights reserved
*/
@@ -21,7 +21,7 @@
*/
#if !defined(lint) && !defined(LINT)
-static char const rcsid[] = "$OpenBSD: database.c,v 1.9 2002/08/04 22:10:24 millert Exp $";
+static char const rcsid[] = "$OpenBSD: database.c,v 1.10 2002/08/07 23:22:41 millert Exp $";
#endif
/* vix 26jan87 [RCS has the log]
@@ -192,6 +192,7 @@ process_crontab(const char *uname, const char *fname, const char *tabname,
log_it(fname, getpid(), "ORPHAN", "no passwd entry");
goto next_crontab;
}
+ bzero(pw->pw_passwd, strlen(pw->pw_passwd));
if ((crontab_fd = open(tabname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < OK) {
/* crontab not accessible?
diff --git a/usr.sbin/cron/entry.c b/usr.sbin/cron/entry.c
index 603f94538af..25199e0a178 100644
--- a/usr.sbin/cron/entry.c
+++ b/usr.sbin/cron/entry.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: entry.c,v 1.13 2002/07/15 19:13:29 millert Exp $ */
+/* $OpenBSD: entry.c,v 1.14 2002/08/07 23:22:41 millert Exp $ */
/*
* Copyright 1988,1990,1993,1994 by Paul Vixie
* All rights reserved
@@ -22,7 +22,7 @@
*/
#if !defined(lint) && !defined(LINT)
-static char const rcsid[] = "$OpenBSD: entry.c,v 1.13 2002/07/15 19:13:29 millert Exp $";
+static char const rcsid[] = "$OpenBSD: entry.c,v 1.14 2002/08/07 23:22:41 millert Exp $";
#endif
/* vix 26jan87 [RCS'd; rest of log is in RCS file]
@@ -248,11 +248,11 @@ load_entry(FILE *file, void (*error_func)(), struct passwd *pw, char **envp) {
goto eof;
}
- pw = getpwnam(username);
- if (pw == NULL) {
+ if ((pw = getpwnam(username)) == NULL) {
ecode = e_username;
goto eof;
}
+ bzero(pw->pw_passwd, strlen(pw->pw_passwd));
Debug(DPARS, ("load_entry()...uid %ld, gid %ld\n",
(long)e->pwd->pw_uid, (long)e->pwd->pw_gid))
} else if (ch == '*') {