summaryrefslogtreecommitdiff
path: root/sbin/init
diff options
context:
space:
mode:
authorRicardo Mestre <mestre@cvs.openbsd.org>2017-05-03 09:51:40 +0000
committerRicardo Mestre <mestre@cvs.openbsd.org>2017-05-03 09:51:40 +0000
commitdce3ca59e0bfb31467829ba436634072a5c09a94 (patch)
tree3ee52c1b525fb89cd3731d8ee40a7f42516e8a07 /sbin/init
parent88384d18b5e0b1be0b4ae3e5d552e8d0ac317a65 (diff)
Use the safe idiom of cleaning sensitive data from memory with explicit_bzero,
instead of relying on other methods, after readpassphrase. Some programs on this diff won't benefit that much since it happens near the terminal path, but someone might copy the unsafe idiom to another program and place it where it may leak sensitive data. Discussed aeons ago with tb@, OK deraadt@ and beck@
Diffstat (limited to 'sbin/init')
-rw-r--r--sbin/init/init.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/sbin/init/init.c b/sbin/init/init.c
index a2dff9bfafa..1c0e4ce5e73 100644
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: init.c,v 1.63 2017/03/02 10:38:09 natano Exp $ */
+/* $OpenBSD: init.c,v 1.64 2017/05/03 09:51:39 mestre Exp $ */
/* $NetBSD: init.c,v 1.22 1996/05/15 23:29:33 jtc Exp $ */
/*-
@@ -561,12 +561,13 @@ f_single_user(void)
write(STDERR_FILENO, banner, sizeof banner - 1);
for (;;) {
int ok = 0;
- clear = readpassphrase("Password:", pbuf, sizeof(pbuf), RPP_ECHO_OFF);
+ clear = readpassphrase("Password:", pbuf,
+ sizeof(pbuf), RPP_ECHO_OFF);
if (clear == NULL || *clear == '\0')
_exit(0);
if (crypt_checkpass(clear, pp->pw_passwd) == 0)
ok = 1;
- memset(clear, 0, strlen(clear));
+ explicit_bzero(pbuf, sizeof(pbuf));
if (ok)
break;
warning("single-user login failed\n");