[Pkg-shadow-commits] r2713 - in upstream/trunk: . lib

[Nicolas FRANÇOIS]

Author: nekral-guest
Date: 2009-04-20 11:29:17 +0000 (Mon, 20 Apr 2009)
New Revision: 2713

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/lib/groupio.c
   upstream/trunk/lib/pwio.c
   upstream/trunk/lib/sgroupio.c
   upstream/trunk/lib/shadowio.c
Log:
	* lib/pwio.c, lib/shadowio.c, lib/groupio.c, lib/sgroupio.c: Fill
	the password fields with zeros before they are freed.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2009-04-19 16:26:17 UTC (rev 2712)
+++ upstream/trunk/ChangeLog	2009-04-20 11:29:17 UTC (rev 2713)
@@ -1,3 +1,8 @@
+2009-04-20  Nicolas François  <nicolas.francois at centraliens.net>
+
+	* lib/pwio.c, lib/shadowio.c, lib/groupio.c, lib/sgroupio.c: Fill
+	the password fields with zeros before they are freed.
+
 2009-04-19  Changwoo Ryu  <cwryu at debian.org>
 
 	* po/ko.po: Updated Korean translation.

Modified: upstream/trunk/lib/groupio.c
===================================================================
--- upstream/trunk/lib/groupio.c	2009-04-19 16:26:17 UTC (rev 2712)
+++ upstream/trunk/lib/groupio.c	2009-04-20 11:29:17 UTC (rev 2713)
@@ -3,7 +3,7 @@
  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
  * Copyright (c) 2001       , Michał Moskal
  * Copyright (c) 2005       , Tomasz Kłoczko
- * Copyright (c) 2007 - 2008, Nicolas François
+ * Copyright (c) 2007 - 2009, Nicolas François
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -60,6 +60,7 @@
 	struct group *gr = ent;
 
 	free (gr->gr_name);
+	memzero (gr->gr_passwd, strlen (gr->gr_passwd));
 	free (gr->gr_passwd);
 	while (*(gr->gr_mem)) {
 		free (*(gr->gr_mem));

Modified: upstream/trunk/lib/pwio.c
===================================================================
--- upstream/trunk/lib/pwio.c	2009-04-19 16:26:17 UTC (rev 2712)
+++ upstream/trunk/lib/pwio.c	2009-04-20 11:29:17 UTC (rev 2713)
@@ -3,7 +3,7 @@
  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
  * Copyright (c) 2001       , Michał Moskal
  * Copyright (c) 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2007 - 2008, Nicolas François
+ * Copyright (c) 2007 - 2009, Nicolas François
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,6 +54,7 @@
 	struct passwd *pw = ent;
 
 	free (pw->pw_name);
+	memzero (pw->pw_passwd, strlen (pw->pw_passwd));
 	free (pw->pw_passwd);
 	free (pw->pw_gecos);
 	free (pw->pw_dir);

Modified: upstream/trunk/lib/sgroupio.c
===================================================================
--- upstream/trunk/lib/sgroupio.c	2009-04-19 16:26:17 UTC (rev 2712)
+++ upstream/trunk/lib/sgroupio.c	2009-04-20 11:29:17 UTC (rev 2713)
@@ -102,6 +102,7 @@
 	struct sgrp *sg = ent;
 
 	free (sg->sg_name);
+	memzero (sg->sg_passwd, strlen (sg->sg_passwd));
 	free (sg->sg_passwd);
 	while (NULL != *(sg->sg_adm)) {
 		free (*(sg->sg_adm));

Modified: upstream/trunk/lib/shadowio.c
===================================================================
--- upstream/trunk/lib/shadowio.c	2009-04-19 16:26:17 UTC (rev 2712)
+++ upstream/trunk/lib/shadowio.c	2009-04-20 11:29:17 UTC (rev 2713)
@@ -3,7 +3,7 @@
  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
  * Copyright (c) 2001       , Michał Moskal
  * Copyright (c) 2005       , Tomasz Kłoczko
- * Copyright (c) 2007 - 2008, Nicolas François
+ * Copyright (c) 2007 - 2009, Nicolas François
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,6 +54,7 @@
 	struct spwd *sp = ent;
 
 	free (sp->sp_namp);
+	memzero (sp->sp_pwdp, strlen (sp->sp_pwdp));
 	free (sp->sp_pwdp);
 	free (sp);
 }