[Fedora-directory-commits] adminserver/admserv/cgi-src40 sec-activate.c, 1.13, 1.14 security.c, 1.19, 1.20 viewlog.c, 1.12, 1.13

Noriko Hosoi nhosoi at fedoraproject.org
Wed Jan 28 00:05:15 UTC 2009


Author: nhosoi

Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1705/admserv/cgi-src40

Modified Files:
	sec-activate.c security.c viewlog.c 
Log Message:
Resolves: #191834
Summary: Clean up admin password in memory when it's freed
Description: (comment #6)
Overwrote password strings with '\0's.



Index: sec-activate.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/sec-activate.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- sec-activate.c	4 Dec 2008 20:01:28 -0000	1.13
+++ sec-activate.c	28 Jan 2009 00:05:13 -0000	1.14
@@ -463,6 +463,7 @@
 
   admSetCachedSIEPWD(pwd);
 
+  memset(pwd, 0, strlen(pwd));
   free(pwd);
 
   return admGetCachedSIEPWD();
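Review bot: The added `memset(pwd, 0, strlen(pwd));` sits directly before `free(pwd)`, so an optimizing compiler may treat it as a dead store and drop it, leaving the password bytes in the freed heap block. A wipe the compiler cannot elide is needed here, for example `explicit_bzero(pwd, strlen(pwd));` where the platform provides it, or a small shared helper that writes the zeros through a `volatile unsigned char *`. The same memset-then-free pattern appears in the security.c and viewlog.c hunks, so one helper could serve all three call sites. The value passed to `admSetCachedSIEPWD()` is still returned via `admGetCachedSIEPWD()`, so presumably a cached copy stays live and needs its own wipe wherever it is released. The enclosing function starts and ends outside the hunk.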


Index: security.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- security.c	15 Dec 2008 20:06:55 -0000	1.19
+++ security.c	28 Jan 2009 00:05:13 -0000	1.20
@@ -505,7 +505,8 @@
       PL_strfree(ssecurity);
       PL_strfree(binddn);
       if (freebindpw) {
-	PL_strfree(bindpw);
+        memset(bindpw, 0, strlen(bindpw));
+        PL_strfree(bindpw);
       }
     }
   }
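Review bot: `strlen(bindpw)` is now reached whenever `freebindpw` is set, and nothing visible in the hunk guarantees that `bindpw` is non-NULL at that point. The old `PL_strfree(bindpw)` on its own accepted a NULL pointer, so if `bindpw` can be NULL here the change turns a harmless path into a crash; `if (freebindpw && bindpw) {` would keep the previous behaviour. Unlike the viewlog.c hunk, this branch also leaves `bindpw` dangling after the free, and adding `bindpw = NULL;` after `PL_strfree(bindpw);` would make the two files consistent. The NULL concern applies equally to the viewlog.c hunk, and the enclosing function lies outside both hunks.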


Index: viewlog.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/viewlog.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- viewlog.c	4 Dec 2008 20:01:28 -0000	1.12
+++ viewlog.c	28 Jan 2009 00:05:13 -0000	1.13
@@ -269,7 +269,9 @@
       PL_strfree(ssecurity);
       PL_strfree(binddn);
       if (freebindpw) {
+        memset(bindpw, 0, strlen(bindpw));
         PL_strfree(bindpw);
+        bindpw = NULL;
       }
     }
   }



