diff --git a/ChangeLog b/ChangeLog index 335851d7..13d8d562 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2009-04-20 Nicolas François + + * lib/pwio.c, lib/shadowio.c, lib/groupio.c, lib/sgroupio.c: Fill + the password fields with zeros before they are freed. + 2009-04-19 Changwoo Ryu * po/ko.po: Updated Korean translation. diff --git a/lib/groupio.c b/lib/groupio.c index 6ca720d8..cdca7c9a 100644 --- a/lib/groupio.c +++ b/lib/groupio.c @@ -3,7 +3,7 @@ * Copyright (c) 1996 - 2000, Marek Michałkiewicz * Copyright (c) 2001 , Michał Moskal * Copyright (c) 2005 , Tomasz Kłoczko - * Copyright (c) 2007 - 2008, Nicolas François + * Copyright (c) 2007 - 2009, Nicolas François * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -60,6 +60,7 @@ static void group_free (void *ent) struct group *gr = ent; free (gr->gr_name); + memzero (gr->gr_passwd, strlen (gr->gr_passwd)); free (gr->gr_passwd); while (*(gr->gr_mem)) { free (*(gr->gr_mem)); diff --git a/lib/pwio.c b/lib/pwio.c index 63cdc511..38eea9c2 100644 --- a/lib/pwio.c +++ b/lib/pwio.c @@ -3,7 +3,7 @@ * Copyright (c) 1996 - 2000, Marek Michałkiewicz * Copyright (c) 2001 , Michał Moskal * Copyright (c) 2003 - 2005, Tomasz Kłoczko - * Copyright (c) 2007 - 2008, Nicolas François + * Copyright (c) 2007 - 2009, Nicolas François * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -54,6 +54,7 @@ static void passwd_free (void *ent) struct passwd *pw = ent; free (pw->pw_name); + memzero (pw->pw_passwd, strlen (pw->pw_passwd)); free (pw->pw_passwd); free (pw->pw_gecos); free (pw->pw_dir); diff --git a/lib/sgroupio.c b/lib/sgroupio.c index 1454bc55..bae2068f 100644 --- a/lib/sgroupio.c +++ b/lib/sgroupio.c @@ -102,6 +102,7 @@ static void gshadow_free (void *ent) struct sgrp *sg = ent; free (sg->sg_name); + memzero (sg->sg_passwd, strlen (sg->sg_passwd)); free (sg->sg_passwd); while (NULL != *(sg->sg_adm)) { free (*(sg->sg_adm)); diff --git a/lib/shadowio.c b/lib/shadowio.c index 810a6d43..9a8000c4 100644 --- a/lib/shadowio.c +++ b/lib/shadowio.c @@ -3,7 +3,7 @@ * Copyright (c) 1996 - 2000, Marek Michałkiewicz * Copyright (c) 2001 , Michał Moskal * Copyright (c) 2005 , Tomasz Kłoczko - * Copyright (c) 2007 - 2008, Nicolas François + * Copyright (c) 2007 - 2009, Nicolas François * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -54,6 +54,7 @@ static void shadow_free (void *ent) struct spwd *sp = ent; free (sp->sp_namp); + memzero (sp->sp_pwdp, strlen (sp->sp_pwdp)); free (sp->sp_pwdp); free (sp); }