Now that we have long running memory with a password in it, we need to lock it down

author: Ted Gould <ted@gould.cx> 2012-08-28 14:24:43 -0500
committer: Ted Gould <ted@gould.cx> 2012-08-28 14:24:43 -0500
commit: 66187012c38bfe7c0fd3022b6f0135db575142ca (patch)
tree: 446d86b7c4246887f7f2d1148e93bc64537ea40d
parent: 62c656c77b1e9d5b426c8c569d57d39aeb976e78 (diff)
download: libpam-freerdp2-66187012c38bfe7c0fd3022b6f0135db575142ca.tar.gz
libpam-freerdp2-66187012c38bfe7c0fd3022b6f0135db575142ca.tar.bz2
libpam-freerdp2-66187012c38bfe7c0fd3022b6f0135db575142ca.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index e284619..f635162 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -23,6 +23,7 @@
 #include <sys/wait.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/mman.h>
 #include <sys/un.h>
 #include <pwd.h>
 
@@ -128,9 +129,12 @@ get_item (pam_handle_t * pamh, int type)
 		}
 		if (type == PAM_AUTHTOK) {
 			if (global_password != NULL) {
+				memset(global_password, 0, strlen(global_password));
+				munlock(global_password, strlen(global_password));
 				free(global_password);
 			}
 			global_password = strdup(retval);
+			mlock(global_password, strlen(global_password));
 		}
 	}
author	Ted Gould <ted@gould.cx>	2012-08-28 14:24:43 -0500
committer	Ted Gould <ted@gould.cx>	2012-08-28 14:24:43 -0500
commit	66187012c38bfe7c0fd3022b6f0135db575142ca (patch)
tree	446d86b7c4246887f7f2d1148e93bc64537ea40d
parent	62c656c77b1e9d5b426c8c569d57d39aeb976e78 (diff)
download	libpam-freerdp2-66187012c38bfe7c0fd3022b6f0135db575142ca.tar.gz libpam-freerdp2-66187012c38bfe7c0fd3022b6f0135db575142ca.tar.bz2 libpam-freerdp2-66187012c38bfe7c0fd3022b6f0135db575142ca.zip