diff options
author | Ted Gould <ted@gould.cx> | 2012-08-28 14:24:43 -0500 |
---|---|---|
committer | Ted Gould <ted@gould.cx> | 2012-08-28 14:24:43 -0500 |
commit | 66187012c38bfe7c0fd3022b6f0135db575142ca (patch) | |
tree | 446d86b7c4246887f7f2d1148e93bc64537ea40d /src | |
parent | 62c656c77b1e9d5b426c8c569d57d39aeb976e78 (diff) | |
download | libpam-freerdp2-66187012c38bfe7c0fd3022b6f0135db575142ca.tar.gz libpam-freerdp2-66187012c38bfe7c0fd3022b6f0135db575142ca.tar.bz2 libpam-freerdp2-66187012c38bfe7c0fd3022b6f0135db575142ca.zip |
Now that we have long running memory with a password in it, we need to lock it down
Diffstat (limited to 'src')
-rw-r--r-- | src/pam-freerdp.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c index e284619..f635162 100644 --- a/src/pam-freerdp.c +++ b/src/pam-freerdp.c @@ -23,6 +23,7 @@ #include <sys/wait.h> #include <sys/types.h> #include <sys/socket.h> +#include <sys/mman.h> #include <sys/un.h> #include <pwd.h> @@ -128,9 +129,12 @@ get_item (pam_handle_t * pamh, int type) } if (type == PAM_AUTHTOK) { if (global_password != NULL) { + memset(global_password, 0, strlen(global_password)); + munlock(global_password, strlen(global_password)); free(global_password); } global_password = strdup(retval); + mlock(global_password, strlen(global_password)); } } |