From 58b6e97a9eef866e9e479fb781aaaf59fb11ef36 Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Mon Apr 25 12:17:40 2022 +0200 Subject: [PATCH 1/2] passwd: erase password copy on all error branches CVE: CVE-2023-4641 Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/58b6e97a9eef866e9e479fb781aaaf59fb11ef36] Signed-off-by: Soumya Sambu --- src/passwd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/passwd.c b/src/passwd.c index 80531ec..8c6f81a 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -289,6 +289,7 @@ static int new_password (const struct passwd *pw) cp = getpass (_("New password: ")); if (NULL == cp) { memzero (orig, sizeof orig); + memzero (pass, sizeof pass); return -1; } if (warned && (strcmp (pass, cp) != 0)) { @@ -316,6 +317,7 @@ static int new_password (const struct passwd *pw) cp = getpass (_("Re-enter new password: ")); if (NULL == cp) { memzero (orig, sizeof orig); + memzero (pass, sizeof pass); return -1; } if (strcmp (cp, pass) != 0) { -- 2.40.0