From 76034c1054c207aa33daffd7ad933c32e6ac5887 Mon Sep 17 00:00:00 2001 From: Gabriel Kihlman Date: Mon, 4 Feb 2019 19:50:30 +0100 Subject: [PATCH] Scrub sensitive data from memory Fixes issue #185 --- configure.ac | 14 ++++++++++++++ pam_yubico.c | 12 +++++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 854b74b..d44f40a 100644 --- a/configure.ac +++ b/configure.ac @@ -159,6 +159,20 @@ if test "$gl_gcc_warnings" = yes; then gl_WARN_ADD([-fdiagnostics-show-option]) fi +# Enable more secure memset if available +AC_CHECK_FUNCS([memset_s explicit_bzero explicit_memset]) +AC_MSG_CHECKING(whether we can use inline asm code) +AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], + [[ + int a = 42; + int *pnt = &a; + __asm__ __volatile__ ("" : : "r"(pnt) : "memory"); + ]])], + [AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_INLINE_ASM], [1], [inline asm code can be used])] + [AC_MSG_RESULT(no)] +) + AC_CONFIG_FILES(Makefile) AC_CONFIG_FILES(tests/Makefile) AC_OUTPUT diff --git a/pam_yubico.c b/pam_yubico.c index 09f1b56..bd23506 100644 --- a/pam_yubico.c +++ b/pam_yubico.c @@ -1,5 +1,5 @@ /* Written by Simon Josefsson . - * Copyright (c) 2006-2016 Yubico AB + * Copyright (c) 2006-2019 Yubico AB * Copyright (c) 2011 Tollef Fog Heen * All rights reserved. * @@ -45,6 +45,7 @@ #include "util.h" #include "drop_privs.h" +#include "ykbzero.h" #include @@ -998,7 +999,7 @@ pam_sm_authenticate (pam_handle_t * pamh, pam_strerror (pamh, retval)); goto done; } - DBG ("get password returned: %s", password); + DBG ("get password returned: /* not logged */"); } if (cfg->use_first_pass && password == NULL) @@ -1264,7 +1265,12 @@ pam_sm_authenticate (pam_handle_t * pamh, done: if (onlypasswd) - free(onlypasswd); + { + insecure_memzero(onlypasswd, strlen(onlypasswd)); + free(onlypasswd); + } + insecure_memzero(otp, sizeof(otp)); + insecure_memzero(otp_id, sizeof(otp_id)); if (templates > 0) { size_t i;