diff options
author | Ted Gould <ted@gould.cx> | 2012-08-30 11:53:42 -0500 |
---|---|---|
committer | Ted Gould <ted@gould.cx> | 2012-08-30 11:53:42 -0500 |
commit | d009da6cd677f106448a6692687a4d123b170dee (patch) | |
tree | 0a37f7d07242c35cb614a6da89cc3a5fb26b1a8d | |
parent | 5cabdb8b73427e5a95122d261f7d4243637d8e4d (diff) | |
download | libpam-x2go-d009da6cd677f106448a6692687a4d123b170dee.tar.gz libpam-x2go-d009da6cd677f106448a6692687a4d123b170dee.tar.bz2 libpam-x2go-d009da6cd677f106448a6692687a4d123b170dee.zip |
Locking memory if we expect the prompt to be returning a password
-rw-r--r-- | src/pam-freerdp.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c index 0e5c3fa..43b16d5 100644 --- a/src/pam-freerdp.c +++ b/src/pam-freerdp.c @@ -110,6 +110,18 @@ get_item (pam_handle_t * pamh, int type) char * promptval = responses->resp; free(responses); + /* If we didn't get anything, just move on */ + if (promptval == NULL) { + return NULL; + } + + if (type == PAM_AUTHTOK) { + if (mlock(promptval, strlen(promptval) + 1) != 0) { + free(promptval); + return NULL; + } + } + if (type == PAM_RHOST) { char * subloc = strstr(promptval, "://"); if (subloc != NULL) { @@ -146,11 +158,11 @@ get_item (pam_handle_t * pamh, int type) /* We also save the password globally if we've got one */ if (global_password != NULL) { memset(global_password, 0, strlen(global_password)); - munlock(global_password, strlen(global_password)); + munlock(global_password, strlen(global_password) + 1); free(global_password); } global_password = strdup(promptval); - if (mlock(global_password, strlen(global_password)) != 0) { + if (mlock(global_password, strlen(global_password) + 1) != 0) { /* Woah, can't lock it. Can't keep it. */ free(global_password); global_password = NULL; @@ -159,6 +171,11 @@ get_item (pam_handle_t * pamh, int type) } } + if (type == PAM_AUTHTOK) { + memset(promptval, 0, strlen(promptval) + 1); + munlock(promptval, strlen(promptval) + 1); + } + free(promptval); } |