Hi,

In the article <[EMAIL PROTECTED]>,
Max Vozeler <[EMAIL PROTECTED]> wrote:

> Hi YAEGASHI,
> 
> On Fri, Jun 24, 2005 at 09:49:59PM +0900, YAEGASHI Takeshi wrote:
> > --- util-linux-2.12p.orig/mount/lomount.c   2005-06-24 20:39:36.073263112 
> > +0900
> > +++ util-linux-2.12p/mount/lomount.c        2005-06-24 21:12:33.783174438 
> > +0900
> 
> (...)
> 
> > +           strcpy(passwdbuff+1,pass);
> >             passwdbuff[0] = 'A';
> > -           rmd160_hash_buffer(keybits,pass,strlen(pass));
> > -           
> > rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1);
> > +           rmd160_hash_buffer(keybits,pass,passwdlen);
> > +           rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,passwdlen+1);
> > +           memset(pass, 0, passwdlen);
> > +           free(passwdbuff);
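
Review bot: free(passwdbuff) on the last added line releases a buffer that still holds 'A' followed by a copy of the passphrase; only pass is cleared, by memset(pass, 0, passwdlen). Add memset(passwdbuff, 0, passwdlen+1) immediately before the free. A memset on a buffer that is about to be freed is a dead store the compiler may drop, so a wipe routine the optimizer cannot elide (for example one that writes through a volatile pointer) is the safer choice here. Separately, strcpy(passwdbuff+1,pass) copies up to the NUL terminator while the hash calls use passwdlen; the allocation is not visible in this hunk, so confirm that passwdbuff is at least passwdlen+2 bytes and that passwdlen matches strlen(pass).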
> 
> This looks like it leaves the passphrase as free'd memory on the heap.
> Maybe add a memset before freeing the buffer?

Yes, that would be the best practice.  We should clear passwdbuff also.

However, such careful attention will be in vain unless it's thorough
throughout the whole source code.  I feel there're still some doubtful
portions in lomount.c...

Thanks,
--
YAEGASHI Takeshi <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

