Date: Thu, 1 Apr 2021 17:31:29 GMT From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 4752dc88e64d - stable/12 - init: use explicit_bzero() for clearing passwords Message-ID: <202104011731.131HVTV8042687@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=4752dc88e64dbd90ead7030057f2985297f3453b commit 4752dc88e64dbd90ead7030057f2985297f3453b Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2021-03-03 03:38:37 +0000 Commit: Kyle Evans <kevans@FreeBSD.org> CommitDate: 2021-04-01 17:30:07 +0000 init: use explicit_bzero() for clearing passwords This is a nop in practice, because it cannot be proven that this particular bzero() is not significant. Make it explicit anyways, rather than relying on an implementation detail of how the password is collected. Discussed with: Andrew Gierth <andrew tao146 riddles org uk> (cherry picked from commit 852f70b24043885f0e438e8fecedd482a9a96d5e) --- sbin/init/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/init/init.c b/sbin/init/init.c index 1bb35dbe5803..59bcfb6893dd 100644 --- a/sbin/init/init.c +++ b/sbin/init/init.c @@ -911,7 +911,7 @@ single_user(void) if (clear == NULL || *clear == '\0') _exit(0); password = crypt(clear, pp->pw_passwd); - bzero(clear, _PASSWORD_LEN); + explicit_bzero(clear, _PASSWORD_LEN); if (password != NULL && strcmp(password, pp->pw_passwd) == 0) break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202104011731.131HVTV8042687>