aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTed Gould <ted@gould.cx>2012-08-30 11:53:42 -0500
committerTed Gould <ted@gould.cx>2012-08-30 11:53:42 -0500
commitd009da6cd677f106448a6692687a4d123b170dee (patch)
tree0a37f7d07242c35cb614a6da89cc3a5fb26b1a8d
parent5cabdb8b73427e5a95122d261f7d4243637d8e4d (diff)
downloadlibpam-x2go-d009da6cd677f106448a6692687a4d123b170dee.tar.gz
libpam-x2go-d009da6cd677f106448a6692687a4d123b170dee.tar.bz2
libpam-x2go-d009da6cd677f106448a6692687a4d123b170dee.zip
Locking memory if we expect the prompt to be returning a password
-rw-r--r--src/pam-freerdp.c21
1 files changed, 19 insertions, 2 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 0e5c3fa..43b16d5 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -110,6 +110,18 @@ get_item (pam_handle_t * pamh, int type)
char * promptval = responses->resp;
free(responses);
+ /* If we didn't get anything, just move on */
+ if (promptval == NULL) {
+ return NULL;
+ }
+
+ if (type == PAM_AUTHTOK) {
+ if (mlock(promptval, strlen(promptval) + 1) != 0) {
+ free(promptval);
+ return NULL;
+ }
+ }
+
if (type == PAM_RHOST) {
char * subloc = strstr(promptval, "://");
if (subloc != NULL) {
@@ -146,11 +158,11 @@ get_item (pam_handle_t * pamh, int type)
/* We also save the password globally if we've got one */
if (global_password != NULL) {
memset(global_password, 0, strlen(global_password));
- munlock(global_password, strlen(global_password));
+ munlock(global_password, strlen(global_password) + 1);
free(global_password);
}
global_password = strdup(promptval);
- if (mlock(global_password, strlen(global_password)) != 0) {
+ if (mlock(global_password, strlen(global_password) + 1) != 0) {
/* Woah, can't lock it. Can't keep it. */
free(global_password);
global_password = NULL;
@@ -159,6 +171,11 @@ get_item (pam_handle_t * pamh, int type)
}
}
+ if (type == PAM_AUTHTOK) {
+ memset(promptval, 0, strlen(promptval) + 1);
+ munlock(promptval, strlen(promptval) + 1);
+ }
+
free(promptval);
}