From 860f9cbf471dc0636895c70191c958c8883e11be Mon Sep 17 00:00:00 2001
From: sw1tchbl4d3
Date: Mon, 7 Feb 2022 14:37:54 +0100
Subject: [PATCH] Clear password after we're done using it
Previously, the password would not be cleared after we hashed it with crypt(), which lead to the password staying in memory for the duration of program runtime. This was only really an issue for incorrect passwords, as execve() purges our memory anyway, but attackers could use an incorrect but mostly correct password for privilege escalation. Due to this being a security issue, this commit also introduces rdo version 1.3. Fixes #7
---
 rdo.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/rdo.c b/rdo.c
index 3016396..16ff909 100644
--- a/rdo.c
+++ b/rdo.c
@@ -9,7 +9,7 @@
 #include
 #include "sessions.h"
-#define VERSION "1.2"
+#define VERSION "1.3"
 void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
 char* line = NULL;
@@ -96,7 +96,10 @@ int main(int argc, char** argv) {
 if (!readpassphrase("(rdo) Password: ", password, sizeof(password), RPP_REQUIRE_TTY)) err(1, "Could not get passphrase");
- if (strcmp(shadowEntry->sp_pwdp, crypt(password, shadowEntry->sp_pwdp)) == 0) {
+ int rc = strcmp(shadowEntry->sp_pwdp, crypt(password, shadowEntry->sp_pwdp));
+ memset(password, 0, sizeof(password));
+
+ if (rc == 0) {
 setsession(getppid(), ts_ttl);
 return runprog(argc, argv);
 }
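Review bot: The `memset(password, 0, sizeof(password));` added in the second hunk is a plain store to a buffer that, as far as the hunk shows, is never read again, so an optimizing compiler is allowed to drop it as a dead store and leave the passphrase in memory. A wipe the compiler must keep would be `explicit_bzero(password, sizeof(password));` (glibc 2.25+ and the BSDs; libbsd also provides it), or a volatile-pointer loop where that is unavailable. Separately, `crypt()` can return NULL, for example on an unsupported or malformed hash in `sp_pwdp`, and its result still goes straight into `strcmp`; storing it first and treating NULL as a mismatch, `const char *h = crypt(password, shadowEntry->sp_pwdp);` then `int rc = h ? strcmp(shadowEntry->sp_pwdp, h) : 1;`, avoids the null dereference. main's body starts and ends outside the hunk, so the declaration of `password` and the failure path after `if (rc == 0)` are not visible here.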