diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2002-08-07 23:22:42 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2002-08-07 23:22:42 +0000 |
commit | f6b92da41855e737bfb18b74f937f662af514bfa (patch) | |
tree | 50572950dbb9a716a8451ca31779dccb8f0d0f78 | |
parent | 1c3b4444c373ba1a8b49b0b2460b04e0328d6fd4 (diff) |
paranoia: zero out pw_passwd since we don't need it
-rw-r--r-- | usr.sbin/cron/atrun.c | 5 | ||||
-rw-r--r-- | usr.sbin/cron/crontab.c | 6 | ||||
-rw-r--r-- | usr.sbin/cron/database.c | 5 | ||||
-rw-r--r-- | usr.sbin/cron/entry.c | 8 |
4 files changed, 14 insertions, 10 deletions
diff --git a/usr.sbin/cron/atrun.c b/usr.sbin/cron/atrun.c index f3d8c148216..2129e3d14e9 100644 --- a/usr.sbin/cron/atrun.c +++ b/usr.sbin/cron/atrun.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atrun.c,v 1.2 2002/07/15 22:16:41 millert Exp $ */ +/* $OpenBSD: atrun.c,v 1.3 2002/08/07 23:22:41 millert Exp $ */ /* * Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com> @@ -28,7 +28,7 @@ */ #if !defined(lint) && !defined(LINT) -static const char rcsid[] = "$OpenBSD: atrun.c,v 1.2 2002/07/15 22:16:41 millert Exp $"; +static const char rcsid[] = "$OpenBSD: atrun.c,v 1.3 2002/08/07 23:22:41 millert Exp $"; #endif #include "cron.h" @@ -280,6 +280,7 @@ run_job(atjob *job, char *atfile) log_it("CRON", getpid(), "ORPHANED JOB", atfile); _exit(ERROR_EXIT); } + bzero(pw->pw_passwd, strlen(pw->pw_passwd)); /* XXX - is this needed now that we do auth_approval? */ if (pw->pw_expire && time(NULL) >= pw->pw_expire) { log_it(pw->pw_name, getpid(), "ACCOUNT EXPIRED, JOB ABORTED", diff --git a/usr.sbin/cron/crontab.c b/usr.sbin/cron/crontab.c index 48bcf3c4afc..a50048b9cec 100644 --- a/usr.sbin/cron/crontab.c +++ b/usr.sbin/cron/crontab.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crontab.c,v 1.34 2002/07/15 19:13:29 millert Exp $ */ +/* $OpenBSD: crontab.c,v 1.35 2002/08/07 23:22:41 millert Exp $ */ /* Copyright 1988,1990,1993,1994 by Paul Vixie * All rights reserved */ @@ -21,7 +21,7 @@ */ #if !defined(lint) && !defined(LINT) -static char const rcsid[] = "$OpenBSD: crontab.c,v 1.34 2002/07/15 19:13:29 millert Exp $"; +static char const rcsid[] = "$OpenBSD: crontab.c,v 1.35 2002/08/07 23:22:41 millert Exp $"; #endif /* crontab - install and manage per-user crontab files @@ -128,6 +128,7 @@ parse_args(int argc, char *argv[]) { fprintf(stderr, "bailing out.\n"); exit(ERROR_EXIT); } + bzero(pw->pw_passwd, strlen(pw->pw_passwd)); if (strlen(pw->pw_name) >= sizeof User) { fprintf(stderr, "username too long\n"); exit(ERROR_EXIT); @@ -155,6 +156,7 @@ parse_args(int argc, char *argv[]) { ProgramName, optarg); exit(ERROR_EXIT); } + bzero(pw->pw_passwd, strlen(pw->pw_passwd)); if (strlen(optarg) >= sizeof User) usage("username too long"); (void) strcpy(User, optarg); diff --git a/usr.sbin/cron/database.c b/usr.sbin/cron/database.c index 9e58b2e9f2c..f2e0bdaa927 100644 --- a/usr.sbin/cron/database.c +++ b/usr.sbin/cron/database.c @@ -1,4 +1,4 @@ -/* $OpenBSD: database.c,v 1.9 2002/08/04 22:10:24 millert Exp $ */ +/* $OpenBSD: database.c,v 1.10 2002/08/07 23:22:41 millert Exp $ */ /* Copyright 1988,1990,1993,1994 by Paul Vixie * All rights reserved */ @@ -21,7 +21,7 @@ */ #if !defined(lint) && !defined(LINT) -static char const rcsid[] = "$OpenBSD: database.c,v 1.9 2002/08/04 22:10:24 millert Exp $"; +static char const rcsid[] = "$OpenBSD: database.c,v 1.10 2002/08/07 23:22:41 millert Exp $"; #endif /* vix 26jan87 [RCS has the log] @@ -192,6 +192,7 @@ process_crontab(const char *uname, const char *fname, const char *tabname, log_it(fname, getpid(), "ORPHAN", "no passwd entry"); goto next_crontab; } + bzero(pw->pw_passwd, strlen(pw->pw_passwd)); if ((crontab_fd = open(tabname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < OK) { /* crontab not accessible? diff --git a/usr.sbin/cron/entry.c b/usr.sbin/cron/entry.c index 603f94538af..25199e0a178 100644 --- a/usr.sbin/cron/entry.c +++ b/usr.sbin/cron/entry.c @@ -1,4 +1,4 @@ -/* $OpenBSD: entry.c,v 1.13 2002/07/15 19:13:29 millert Exp $ */ +/* $OpenBSD: entry.c,v 1.14 2002/08/07 23:22:41 millert Exp $ */ /* * Copyright 1988,1990,1993,1994 by Paul Vixie * All rights reserved @@ -22,7 +22,7 @@ */ #if !defined(lint) && !defined(LINT) -static char const rcsid[] = "$OpenBSD: entry.c,v 1.13 2002/07/15 19:13:29 millert Exp $"; +static char const rcsid[] = "$OpenBSD: entry.c,v 1.14 2002/08/07 23:22:41 millert Exp $"; #endif /* vix 26jan87 [RCS'd; rest of log is in RCS file] @@ -248,11 +248,11 @@ load_entry(FILE *file, void (*error_func)(), struct passwd *pw, char **envp) { goto eof; } - pw = getpwnam(username); - if (pw == NULL) { + if ((pw = getpwnam(username)) == NULL) { ecode = e_username; goto eof; } + bzero(pw->pw_passwd, strlen(pw->pw_passwd)); Debug(DPARS, ("load_entry()...uid %ld, gid %ld\n", (long)e->pwd->pw_uid, (long)e->pwd->pw_gid)) } else if (ch == '*') { |