alex/swayfx
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

swaylock: don't memset memory that has been freed

Browse source 
swaylock is randomly crashing because we write to password that has already been
freed in pam_authenticate().
This commit is contained in:
Christoph Gysin 2016-01-23 22:43:51 +02:00
parent dab651a240
commit 071e097214
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
swaylock/main.c
View file

@ -75,7 +75,7 @@ int function_conversation(int num_msg, const struct pam_message **msg,
/** /**
* password will be zeroed out. * password will be zeroed out.
*/ */
bool verify_password(char *password) { bool verify_password() {
struct passwd *passwd = getpwuid(getuid()); struct passwd *passwd = getpwuid(getuid());
char *username = passwd->pw_name; char *username = passwd->pw_name;
@ -86,14 +86,11 @@ bool verify_password(char *password) {
sway_abort("PAM returned %d\n", pam_err); sway_abort("PAM returned %d\n", pam_err);
} }
if ((pam_err = pam_authenticate(local_auth_handle, 0)) != PAM_SUCCESS) { if ((pam_err = pam_authenticate(local_auth_handle, 0)) != PAM_SUCCESS) {
memset(password, 0, strlen(password));
return false; return false;
} }
if ((pam_err = pam_end(local_auth_handle, pam_err)) != PAM_SUCCESS) { if ((pam_err = pam_end(local_auth_handle, pam_err)) != PAM_SUCCESS) {
memset(password, 0, strlen(password));
return false; return false;
} }
memset(password, 0, strlen(password));
return true; return true;
} }
@ -101,9 +98,11 @@ void notify_key(enum wl_keyboard_key_state state, xkb_keysym_t sym, uint32_t cod
if (state == WL_KEYBOARD_KEY_STATE_PRESSED) { if (state == WL_KEYBOARD_KEY_STATE_PRESSED) {
switch (sym) { switch (sym) {
case XKB_KEY_Return: case XKB_KEY_Return:
if (verify_password(password)) { if (verify_password()) {
exit(0); exit(0);
} }
password = malloc(1024); // TODO: Let this grow
password[0] = '\0';
break; break;
default: default:
{ {