|
 |
983853 |
diff -up ./src/pam_pkcs11/pam_pkcs11.c.mem-leak ./src/pam_pkcs11/pam_pkcs11.c
|
|
|
983853 |
--- ./src/pam_pkcs11/pam_pkcs11.c.mem-leak 2014-02-24 15:01:47.207019357 -0800
|
|
|
983853 |
+++ ./src/pam_pkcs11/pam_pkcs11.c 2014-02-24 15:22:37.715982927 -0800
|
|
|
983853 |
@@ -163,8 +163,14 @@ static int pam_get_pwd(pam_handle_t *pam
|
|
|
983853 |
/* save password if variable nitem is set */
|
|
|
983853 |
if ((nitem == PAM_AUTHTOK) || (nitem == PAM_OLDAUTHTOK)) {
|
|
|
983853 |
rv = pam_set_item(pamh, nitem, *pwd);
|
|
|
983853 |
- if (rv != PAM_SUCCESS)
|
|
|
983853 |
+ if (rv != PAM_SUCCESS) {
|
|
|
983853 |
+ if (*pwd) {
|
|
|
983853 |
+ memset (*pwd, 0, strlen(*pwd));
|
|
|
983853 |
+ free(*pwd);
|
|
|
983853 |
+ *pwd = NULL;
|
|
|
983853 |
+ }
|
|
|
983853 |
return rv;
|
|
|
983853 |
+ }
|
|
|
983853 |
}
|
|
|
983853 |
return PAM_SUCCESS;
|
|
|
983853 |
}
|
|
|
983853 |
@@ -176,7 +182,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
|
|
983853 |
int i, rv;
|
|
|
983853 |
const char *user = NULL;
|
|
|
983853 |
char *password;
|
|
|
983853 |
- char password_prompt[70];
|
|
|
983853 |
+ char password_prompt[180];
|
|
|
983853 |
unsigned int slot_num = 0;
|
|
|
983853 |
int is_a_screen_saver = 0;
|
|
|
983853 |
struct configuration_st *configuration;
|
|
|
983853 |
@@ -281,9 +287,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
|
|
|
983853 |
DBG1("explicit username = [%s]", user);
|
|
|
983853 |
}
|
|
|
983853 |
} else {
|
|
|
983853 |
- sprintf(password_prompt,
|
|
|
983853 |
+ snprintf(password_prompt, sizeof(password_prompt),
|
|
|
983853 |
_("Please insert your %s or enter your username."),
|
|
|
983853 |
_(configuration->token_type));
|
|
|
983853 |
+ /* make sure we are NULL terminated if snprintf has to truncate */
|
|
|
983853 |
+ password_prompt[sizeof(password_prompt)-1] =0;
|
|
|
983853 |
pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
|
|
|
983853 |
/* get user name */
|
|
|
983853 |
rv = pam_get_user(pamh, &user, NULL);
|