Scrub sensitive data from memory

Fixes issue #185

configure.ac

@@ -159,6 +159,20 @@ if test "$gl_gcc_warnings" = yes; then
   gl_WARN_ADD([-fdiagnostics-show-option])
 fi
 
+# Enable more secure memset if available
+AC_CHECK_FUNCS([memset_s explicit_bzero explicit_memset])
+AC_MSG_CHECKING(whether we can use inline asm code)
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+  [[
+    int a = 42;
+    int *pnt = &a;
+    __asm__ __volatile__ ("" : : "r"(pnt) : "memory");
+  ]])],
+  [AC_MSG_RESULT(yes)
+     AC_DEFINE([HAVE_INLINE_ASM], [1], [inline asm code can be used])]
+  [AC_MSG_RESULT(no)]
+)
+
 AC_CONFIG_FILES(Makefile)
 AC_CONFIG_FILES(tests/Makefile)
 AC_OUTPUT

pam_yubico.c

@@ -1,5 +1,5 @@
 /* Written by Simon Josefsson <simon@yubico.com>.
- * Copyright (c) 2006-2016 Yubico AB
+ * Copyright (c) 2006-2019 Yubico AB
  * Copyright (c) 2011 Tollef Fog Heen <tfheen@err.no>
  * All rights reserved.
  *
@@ -45,6 +45,7 @@
 
 #include "util.h"
 #include "drop_privs.h"
+#include "ykbzero.h"
 
 #include <ykclient.h>
 
@@ -998,7 +999,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
 	      pam_strerror (pamh, retval));
 	  goto done;
 	}
-      DBG ("get password returned: %s", password);
+      DBG ("get password returned: /* not logged */");
     }
 
   if (cfg->use_first_pass && password == NULL)
@@ -1264,7 +1265,12 @@ pam_sm_authenticate (pam_handle_t * pamh,
 
 done:
   if (onlypasswd)
-    free(onlypasswd);
+    {
+      insecure_memzero(onlypasswd, strlen(onlypasswd));
+      free(onlypasswd);
+    }
+  insecure_memzero(otp, sizeof(otp));
+  insecure_memzero(otp_id, sizeof(otp_id));
   if (templates > 0)
     {
       size_t i;