diff options
author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2007-10-31 21:13:46 +0000 |
---|---|---|
committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2007-10-31 21:13:46 +0000 |
commit | 17be099628eed654f9272ab02e382eb5ee5281ea (patch) | |
tree | 073b671f9bed4a2f3e5abe6a587b60b2f2e00bb1 /sys | |
parent | ef524d7a2fcc5dfaa8be32bc70c5398912d1a96d (diff) |
Don't leak potentially secret authname through ioctl interface.
Suggestions from mpf@ and canacar@
ok deraadt mpf canacar
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/if_spppsubr.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c index 8a0a79b44c6..2cb83fb3d2f 100644 --- a/sys/net/if_spppsubr.c +++ b/sys/net/if_spppsubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_spppsubr.c,v 1.58 2007/09/25 23:52:27 canacar Exp $ */ +/* $OpenBSD: if_spppsubr.c,v 1.59 2007/10/31 21:13:45 mikeb Exp $ */ /* * Synchronous PPP/Cisco link level subroutines. * Keepalive protocol implemented in both Cisco and PPP modes. @@ -4875,6 +4875,10 @@ sppp_params(struct sppp *sp, u_long cmd, void *data) * CHAP secrets back to userland anyway. */ bcopy(sp, &spr.defs, sizeof(struct sppp)); + if (suser(curproc, 0) != 0) { + bzero(spr.defs.myauth.name, AUTHNAMELEN); + bzero(spr.defs.hisauth.name, AUTHNAMELEN); + } bzero(spr.defs.myauth.secret, AUTHKEYLEN); bzero(spr.defs.myauth.challenge, AUTHKEYLEN); bzero(spr.defs.hisauth.secret, AUTHKEYLEN); |