From: Sami Kerola <kerolasa@iki.fi>
To: util-linux@vger.kernel.org
Cc: Sami Kerola <kerolasa@iki.fi>
Subject: [PATCH] newgrp: use libc explicit_bzero() when it is available
Date: Thu, 5 Jan 2017 22:33:40 +0000 [thread overview]
Message-ID: <20170105223340.2721-1-kerolasa@iki.fi> (raw)
This currently new function will be part of glibc 2.25.
Reference: https://sourceware.org/git/?p=glibc.git;a=commit;h=ea1bd74defcf9d5291d14972e63105168ca9eb4f
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---
configure.ac | 1 +
login-utils/newgrp.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/configure.ac b/configure.ac
index 796364f71..c50f07a47 100644
--- a/configure.ac
+++ b/configure.ac
@@ -379,6 +379,7 @@ AC_CHECK_FUNCS([ \
__secure_getenv \
err \
errx \
+ explicit_bzero \
fsync \
utimensat \
getdomainname \
diff --git a/login-utils/newgrp.c b/login-utils/newgrp.c
index 367333ec3..63a45cd6a 100644
--- a/login-utils/newgrp.c
+++ b/login-utils/newgrp.c
@@ -60,6 +60,7 @@ static char *xgetpass(FILE *input, const char *prompt)
return pass;
}
+#ifndef HAVE_EXPLICIT_BZERO
/* Ensure memory is set to value c without compiler optimization getting
* into way that could happen with memset(3). */
static int xmemset_s(void *v, size_t sz, const int c)
@@ -72,6 +73,7 @@ static int xmemset_s(void *v, size_t sz, const int c)
*p++ = c;
return 0;
}
+#endif
/* try to read password from gshadow */
static char *get_gshadow_pwd(const char *groupname)
@@ -148,7 +150,11 @@ static int allow_setgid(const struct passwd *pe, const struct group *ge)
if (pwd && *pwd && (xpwd = xgetpass(stdin, _("Password: ")))) {
char *cbuf = crypt(xpwd, pwd);
+#ifdef HAVE_EXPLICIT_BZERO
+ explicit_bzero(xpwd, strlen(xpwd));
+#else
xmemset_s(xpwd, strlen(xpwd), 0);
+#endif
free(xpwd);
if (!cbuf)
warn(_("crypt failed"));
--
2.11.0
next reply other threads:[~2017-01-05 22:33 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-05 22:33 Sami Kerola [this message]
2017-01-06 11:09 ` [PATCH] newgrp: use libc explicit_bzero() when it is available Bernhard Voelker
2017-01-06 12:15 ` Rüdiger Meier
2017-01-09 14:31 ` Aurélien Aptel
2017-01-16 11:31 ` Karel Zak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170105223340.2721-1-kerolasa@iki.fi \
--to=kerolasa@iki.fi \
--cc=util-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.