mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-21 18:27:22 +00:00
init: use explicit_bzero() for clearing passwords
This is a nop in practice, because it cannot be proven that this particular bzero() is not significant. Make it explicit anyways, rather than relying on an implementation detail of how the password is collected.
Discussed with: Andrew Gierth <andrew tao146 riddles org uk>
parent
de415e663c
commit
852f70b240
|
@ -908,7 +908,7 @@ single_user(void)
|
|||
if (clear == NULL || *clear == '\0')
|
||||
_exit(0);
|
||||
password = crypt(clear, pp->pw_passwd);
|
||||
bzero(clear, _PASSWORD_LEN);
|
||||
explicit_bzero(clear, _PASSWORD_LEN);
|
||||
if (password != NULL &&
|
||||
strcmp(password, pp->pw_passwd) == 0)
|
||||
break;
|
||||
|
|
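Review bot: The fixed length in explicit_bzero(clear, _PASSWORD_LEN) assumes the buffer behind clear is at least _PASSWORD_LEN bytes, and nothing in this hunk shows where clear is allocated or how large it is. A one-line comment above the call naming the source of the buffer and its size, and stating that the explicit variant is deliberate so the wipe cannot be elided as a dead store, would keep a later cleanup from turning it back into bzero() or from changing the collection routine without revisiting the length. The placement is right: the wipe runs after crypt() has consumed the cleartext and before the strcmp() result decides the loop, so both the success and the retry paths leave with the buffer cleared.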