
Clear password after we're done using it

Previously, the password would not be cleared after we hashed it with
crypt(), which led to the password staying in memory for the duration
of program runtime.

This was only really an issue for incorrect passwords, as execve()
purges our memory anyway, but attackers could use an incorrect but
mostly correct password for privilege escalation.

Due to this being a security issue, this commit also introduces rdo
version 1.3.

Fixes #7
sw1tchbl4d3 2022-02-07 14:37:54 +01:00
parent 5d79415618
commit 860f9cbf47

7
rdo.c

@ -9,7 +9,7 @@
#include <bsd/readpassphrase.h>
#include "sessions.h"
#define VERSION "1.2"
#define VERSION "1.3"
void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
char* line = NULL;
@ -96,7 +96,10 @@ int main(int argc, char** argv) {
if (!readpassphrase("(rdo) Password: ", password, sizeof(password), RPP_REQUIRE_TTY))
err(1, "Could not get passphrase");
if (strcmp(shadowEntry->sp_pwdp, crypt(password, shadowEntry->sp_pwdp)) == 0) {
int rc = strcmp(shadowEntry->sp_pwdp, crypt(password, shadowEntry->sp_pwdp));
memset(password, 0, sizeof(password));
if (rc == 0) {
setsession(getppid(), ts_ttl);
return runprog(argc, argv);
}
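Review bot: The added `memset(password, 0, sizeof(password));` looks like a dead store to the compiler, because `password` is not read again in the visible lines, so an optimizing build may remove it and leave the passphrase in memory. A wipe the compiler must keep is `explicit_bzero(password, sizeof(password));`, which is available in glibc 2.25+ `<string.h>` and in libbsd, which this file already uses for readpassphrase. Separately, `crypt()` can return NULL on failure and its result is passed straight to `strcmp`; storing it first (`const char *hash = crypt(password, shadowEntry->sp_pwdp);`), wiping the buffer, and treating a NULL `hash` as a mismatch would avoid a NULL dereference. main() starts and ends outside this hunk, so whether other exit paths, such as the `err()` after readpassphrase, also need the wipe cannot be judged from here.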