summaryrefslogtreecommitdiff
path: root/src/crypt_sha256.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypt_sha256.c')
-rw-r--r--src/crypt_sha256.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/crypt_sha256.c b/src/crypt_sha256.c
index c99cbfd..eff5eac 100644
--- a/src/crypt_sha256.c
+++ b/src/crypt_sha256.c
@@ -17,7 +17,7 @@
#define LEN_SHA_STR 9
#define LEN_FINAL_PASSWD LEN_ENC64 + LEN_SHA_STR
-char* get_crypt_sha256(const char *p)
+char* get_crypt_sha256(char *p)
{
int rand_fd;
ssize_t size;
@@ -32,6 +32,7 @@ char* get_crypt_sha256(const char *p)
rand_fd = open(RAND_FILE, O_RDONLY);
if (rand_fd < 0) {
fprintf(stderr, "impossible to open " RAND_FILE "\n");
+ memset(p, 0, len);
exit(EXIT_FAILURE);
}
@@ -39,6 +40,7 @@ char* get_crypt_sha256(const char *p)
close(rand_fd);
if (size != LEN_SALT) {
fprintf(stderr, "failed to read from " RAND_FILE "\n");
+ memset(p, 0, len);
exit(EXIT_FAILURE);
}
@@ -49,6 +51,10 @@ char* get_crypt_sha256(const char *p)
memcpy(passwd_buff, sha_pwd, SHA256_DIGEST_LENGTH);
memcpy(passwd_buff + SHA256_DIGEST_LENGTH, salt+len, LEN_SALT);
+ /* clear plaintext passwd copy */
+ memset(salt, 0, len + LEN_SALT);
+ free(salt);
+
EVP_EncodeBlock(enc64_pwd, passwd_buff,
SHA256_DIGEST_LENGTH + LEN_SALT);
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-03 10:08:20 +0000