diff options
-rw-r--r-- | src/pam-freerdp.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c index 8129787..82704c5 100644 --- a/src/pam-freerdp.c +++ b/src/pam-freerdp.c @@ -303,10 +303,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv buffer_len += strlen(password) + 1; /* Add one for the NULL */ char * buffer = malloc(buffer_len); + /* Lock the buffer before writing */ + mlock(buffer, buffer_len); snprintf(buffer, buffer_len, "%s %s %s %s", ruser, password, rdomain, rhost); pid_t pid = fork(); if (pid == 0) { + /* Locks to carry over */ + mlock(buffer, buffer_len); + if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 || setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) { _exit(EXIT_FAILURE); @@ -341,11 +346,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv } else if (pid < 0) { retval = PAM_SYSTEM_ERR; close(socketfd); - free(buffer); } else { session_pid = pid; } + memset(buffer, 0, buffer_len); + munlock(buffer, buffer_len); + free(buffer); + done: if (username != NULL) { free(username); } if (password != NULL) { free(password); } |