init: use explicit_bzero() for clearing passwords

This is a nop in practice, because it cannot be proven that this
particular bzero() is not significant.  Make it explicit anyways, rather
than relying on an implementation detail of how the password is
collected.

Discussed with:	Andrew Gierth <andrew tao146 riddles org uk>
Kyle Evans 2021-03-02 21:38:37 -06:00
parent de415e663c
commit 852f70b240

@ -908,7 +908,7 @@ single_user(void)
if (clear == NULL || *clear == '\0')
_exit(0);
password = crypt(clear, pp->pw_passwd);
bzero(clear, _PASSWORD_LEN);
explicit_bzero(clear, _PASSWORD_LEN);
if (password != NULL &&
strcmp(password, pp->pw_passwd) == 0)
break;
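
Review bot: the explicit_bzero(clear, _PASSWORD_LEN) call carries no comment saying why the explicit variant is required, and since the commit message itself describes the change as a nop in practice, a later cleanup could easily turn it back into bzero(). A one-line comment at the call, stating that the wipe must not be elided regardless of how clear was obtained, would keep the intent visible in the code. The length is also the fixed _PASSWORD_LEN rather than something derived from the buffer; the lines shown here do not establish that the storage behind clear is at least that large, so it is worth confirming that where clear is collected, or recording the assumption in the same comment.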