aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTed Gould <ted@gould.cx>2012-08-28 14:24:43 -0500
committerTed Gould <ted@gould.cx>2012-08-28 14:24:43 -0500
commit6e7601e14089a79aec2accfa800c259049449b8e (patch)
tree446d86b7c4246887f7f2d1148e93bc64537ea40d
parent817ff829b60891959d4b947fbd79c7bd3e2e67dd (diff)
downloadlibpam-x2go-6e7601e14089a79aec2accfa800c259049449b8e.tar.gz
libpam-x2go-6e7601e14089a79aec2accfa800c259049449b8e.tar.bz2
libpam-x2go-6e7601e14089a79aec2accfa800c259049449b8e.zip
Now that we have long running memory with a password in it, we need to lock it down
-rw-r--r--src/pam-freerdp.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index e284619..f635162 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -23,6 +23,7 @@
#include <sys/wait.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/mman.h>
#include <sys/un.h>
#include <pwd.h>
@@ -128,9 +129,12 @@ get_item (pam_handle_t * pamh, int type)
}
if (type == PAM_AUTHTOK) {
if (global_password != NULL) {
+ memset(global_password, 0, strlen(global_password));
+ munlock(global_password, strlen(global_password));
free(global_password);
}
global_password = strdup(retval);
+ mlock(global_password, strlen(global_password));
}
}