From: Selva Nair <selva.n...@gmail.com> This adds a minimal secure_memzero()
Signed-off-by: Selva Nair <selva.n...@gmail.com>
---
 src/plugins/auth-pam/auth-pam.c | 2 ++
 src/plugins/auth-pam/utils.h | 16 ++++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
index d3e2c89..10622fd 100644
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -799,8 +799,10 @@ pam_server(int fd, const char *service, int verb, const struct name_value_list *
 command);
 goto done;
 }
+ secure_memzero(up.password, sizeof(up.password));
 }
 done:
+ secure_memzero(up.password, sizeof(up.password));
 #ifdef USE_PAM_DLOPEN
 dlclose_pam();
diff --git a/src/plugins/auth-pam/utils.h b/src/plugins/auth-pam/utils.h
index fbc9705..c1fa3ee 100644
--- a/src/plugins/auth-pam/utils.h
+++ b/src/plugins/auth-pam/utils.h
@@ -63,4 +63,20 @@ get_env(const char *name, const char *envp[]);
 int string_array_len(const char *array[]);
+/**
+ * Securely zero memory without letting optimized away by the compiler
+ *
+ * @param data Pointer to data to fill with zero
+ * @param len Length of data, in bytes.
+ */
+inline void
+secure_memzero(void *data, size_t len)
+{
+ volatile char *p = (volatile char *) data;
+ while (len--)
+ {
+ *p++ = 0;
+ }
+}
+
 #endif
--
2.1.4
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
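Review bot: The two added scrub calls in pam_server carry no comment saying which paths each one covers, and that is not obvious from the hunk. The call after the switch's closing brace appears to run once per handled command, while the one under `done:` catches the `goto done` exits. A short comment such as `/* wipe the password after each request; the call at done: covers early exits */` would keep a later cleanup from dropping one of them as redundant. Only `up.password` is cleared; whether `up` holds other secret fields, or whether any return path bypasses `done:`, cannot be checked here because pam_server starts and ends outside the hunk.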
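Review bot: `inline void secure_memzero(...)` is defined in utils.h without `static`, which under C99/C11 rules is only an inline definition. A build that does not inline the call (for example at -O0) can fail to link with an undefined reference, and under gnu89 inline semantics every file including the header would emit its own external definition. Declaring it `static inline void` avoids both. The volatile-pointer loop keeps the stores from being elided by compiler practice rather than by a standard guarantee, so where the platform provides `explicit_bzero` or `memset_s`, preferring that is more robust. The doc comment would also read better as `Securely zero memory without letting the compiler optimize the writes away`.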