From d009da6cd677f106448a6692687a4d123b170dee Mon Sep 17 00:00:00 2001 From: Ted Gould Date: Thu, 30 Aug 2012 11:53:42 -0500 Subject: Locking memory if we expect the prompt to be returning a password --- src/pam-freerdp.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c index 0e5c3fa..43b16d5 100644 --- a/src/pam-freerdp.c +++ b/src/pam-freerdp.c @@ -110,6 +110,18 @@ get_item (pam_handle_t * pamh, int type) char * promptval = responses->resp; free(responses); + /* If we didn't get anything, just move on */ + if (promptval == NULL) { + return NULL; + } + + if (type == PAM_AUTHTOK) { + if (mlock(promptval, strlen(promptval) + 1) != 0) { + free(promptval); + return NULL; + } + } + if (type == PAM_RHOST) { char * subloc = strstr(promptval, "://"); if (subloc != NULL) { @@ -146,11 +158,11 @@ get_item (pam_handle_t * pamh, int type) /* We also save the password globally if we've got one */ if (global_password != NULL) { memset(global_password, 0, strlen(global_password)); - munlock(global_password, strlen(global_password)); + munlock(global_password, strlen(global_password) + 1); free(global_password); } global_password = strdup(promptval); - if (mlock(global_password, strlen(global_password)) != 0) { + if (mlock(global_password, strlen(global_password) + 1) != 0) { /* Woah, can't lock it. Can't keep it. */ free(global_password); global_password = NULL; @@ -159,6 +171,11 @@ get_item (pam_handle_t * pamh, int type) } } + if (type == PAM_AUTHTOK) { + memset(promptval, 0, strlen(promptval) + 1); + munlock(promptval, strlen(promptval) + 1); + } + free(promptval); } -- cgit v1.2.3