packages/sudo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
sudo/backport-sudo_passwd_cleanup-Set-auth-data-to-NULL-after-free.patch
modric 3213e9bd82 Backport patches from upstream community. 
(cherry picked from commit bef154bcfd83a54e15b044e24cedcecec44a1106)
2022-12-08 20:29:40 +08:00

23 lines
792 B
Diff
Raw Permalink Blame History

From b3834bbf248f3376ada8fc44166cba38c8ad4bcf Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Thu, 17 Nov 2022 08:10:35 -0700
Subject: [PATCH] sudo_passwd_cleanup: Set auth->data to NULL after freeing.
GitHub issue #201
---
plugins/sudoers/auth/passwd.c | 1 +
1 file changed, 1 insertions(+), 0 deletions(-)
diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c
index 889a8e3..910a510 100644
--- a/plugins/sudoers/auth/passwd.c
+++ b/plugins/sudoers/auth/passwd.c
@@ -104,6 +104,7 @@ sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
if (pw_epasswd != NULL) {
memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd));
free(pw_epasswd);
+ auth->data = NULL;
}
debug_return_int(AUTH_SUCCESS);
}
Reference in New Issue View Git Blame Copy Permalink