diff --git a/configure.ac b/configure.ac index 1d2e379..d015ed8 100644 --- a/configure.ac +++ b/configure.ac @@ -91,7 +91,7 @@ AC_CHECK_FUNCS([asprintf vasprintf]) AC_CHECK_FUNCS([dlfunc fdlopen]) AC_CHECK_FUNCS([fpurge]) AC_CHECK_FUNCS([setlogmask]) -AC_CHECK_FUNCS([strlcat strlcmp strlcpy]) +AC_CHECK_FUNCS([strlcat strlcmp strlcpy strlset]) saved_LIBS="${LIBS}" LIBS="" diff --git a/lib/libpam/Makefile.am b/lib/libpam/Makefile.am index 43e2f54..4e7df9b 100644 --- a/lib/libpam/Makefile.am +++ b/lib/libpam/Makefile.am @@ -18,6 +18,7 @@ noinst_HEADERS = \ openpam_strlcat.h \ openpam_strlcmp.h \ openpam_strlcpy.h \ + openpam_strlset.h \ openpam_vasprintf.h libpam_la_SOURCES = \ @@ -44,9 +45,10 @@ libpam_la_SOURCES = \ openpam_set_option.c \ openpam_set_feature.c \ openpam_static.c \ + openpam_straddch.c \ openpam_strlcat.c \ openpam_strlcpy.c \ - openpam_straddch.c \ + openpam_strlset.c \ openpam_subst.c \ openpam_vasprintf.c \ openpam_ttyconv.c \ diff --git a/lib/libpam/openpam_strlset.c b/lib/libpam/openpam_strlset.c new file mode 100644 index 0000000..5711b3e --- /dev/null +++ b/lib/libpam/openpam_strlset.c @@ -0,0 +1,58 @@ +/*- + * Copyright (c) 2011-2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#ifndef HAVE_STRLSET + +#include + +#include "openpam_strlset.h" + +/* + * like memset(3), but stops at the first NUL byte and NUL-terminates the + * result. Returns the number of bytes that were written, not including + * the terminating NUL. + */ +size_t +openpam_strlset(char *str, int ch, size_t size) +{ + size_t len; + + for (len = 0; *str && size > 1; ++len, --size) + *str++ = ch; + *str = '\0'; + return (++len); +} + +#endif diff --git a/lib/libpam/openpam_strlset.h b/lib/libpam/openpam_strlset.h new file mode 100644 index 0000000..2da15ab --- /dev/null +++ b/lib/libpam/openpam_strlset.h @@ -0,0 +1,41 @@ +/*- + * Copyright (c) 2011 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifndef OPENPAM_STRLSET_H_INCLUDED +#define OPENPAM_STRLSET_H_INCLUDED + +#ifndef HAVE_STRLSET +size_t openpam_strlset(char *, int, size_t); +#undef strlset +#define strlset(arg, ...) openpam_strlset(arg, __VA_ARGS__) +#endif + +#endif diff --git a/lib/libpam/openpam_ttyconv.c b/lib/libpam/openpam_ttyconv.c index f10cdd4..f5eb384 100644 --- a/lib/libpam/openpam_ttyconv.c +++ b/lib/libpam/openpam_ttyconv.c @@ -55,6 +55,7 @@ #include #include "openpam_impl.h" +#include "openpam_strlset.h" int openpam_ttyconv_timeout = 0; @@ -366,7 +367,7 @@ openpam_ttyconv(int n, fail: for (i = 0; i < n; ++i) { if (aresp[i].resp != NULL) { - memset(aresp[i].resp, 0, strlen(aresp[i].resp)); + strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE); FREE(aresp[i].resp); } } diff --git a/lib/libpam/pam_get_authtok.c b/lib/libpam/pam_get_authtok.c index 584a52e..940d1dc 100644 --- a/lib/libpam/pam_get_authtok.c +++ b/lib/libpam/pam_get_authtok.c @@ -48,6 +48,7 @@ #include #include "openpam_impl.h" +#include "openpam_strlset.h" static const char authtok_prompt[] = "Password:"; static const char authtok_prompt_remote[] = "Password for %u@%h:"; @@ -140,16 +141,21 @@ pam_get_authtok(pam_handle_t *pamh, if (twice) { r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt); if (r != PAM_SUCCESS) { + strlset(resp, 0, PAM_MAX_RESP_SIZE); FREE(resp); RETURNC(r); } - if (strcmp(resp, resp2) != 0) + if (strcmp(resp, resp2) != 0) { + strlset(resp, 0, PAM_MAX_RESP_SIZE); FREE(resp); + } + strlset(resp2, 0, PAM_MAX_RESP_SIZE); FREE(resp2); } if (resp == NULL) RETURNC(PAM_TRY_AGAIN); r = pam_set_item(pamh, item, resp); + strlset(resp, 0, PAM_MAX_RESP_SIZE); FREE(resp); if (r != PAM_SUCCESS) RETURNC(r);