summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorMike Belopuhov <mikeb@cvs.openbsd.org>2007-10-31 21:13:46 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2007-10-31 21:13:46 +0000
commit17be099628eed654f9272ab02e382eb5ee5281ea (patch)
tree073b671f9bed4a2f3e5abe6a587b60b2f2e00bb1 /sys
parentef524d7a2fcc5dfaa8be32bc70c5398912d1a96d (diff)
Don't leak potentially secret authname through ioctl interface.
Suggestions from mpf@ and canacar@ ok deraadt mpf canacar
Diffstat (limited to 'sys')
-rw-r--r--sys/net/if_spppsubr.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c
index 8a0a79b44c6..2cb83fb3d2f 100644
--- a/sys/net/if_spppsubr.c
+++ b/sys/net/if_spppsubr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_spppsubr.c,v 1.58 2007/09/25 23:52:27 canacar Exp $ */
+/* $OpenBSD: if_spppsubr.c,v 1.59 2007/10/31 21:13:45 mikeb Exp $ */
/*
* Synchronous PPP/Cisco link level subroutines.
* Keepalive protocol implemented in both Cisco and PPP modes.
@@ -4875,6 +4875,10 @@ sppp_params(struct sppp *sp, u_long cmd, void *data)
* CHAP secrets back to userland anyway.
*/
bcopy(sp, &spr.defs, sizeof(struct sppp));
+ if (suser(curproc, 0) != 0) {
+ bzero(spr.defs.myauth.name, AUTHNAMELEN);
+ bzero(spr.defs.hisauth.name, AUTHNAMELEN);
+ }
bzero(spr.defs.myauth.secret, AUTHKEYLEN);
bzero(spr.defs.myauth.challenge, AUTHKEYLEN);
bzero(spr.defs.hisauth.secret, AUTHKEYLEN);