
Zero the password

Also add a comment about the passwd.size since reviewing it resulted in
a WTF moment.
1 parent 42f387a commit 55a4c382e89c82e3a5fd9111237fbe9ef2cee7d0 @msantos committed Dec 29, 2010
Showing with 4 additions and 0 deletions.
  1. +4 −0 c_src/cerck.c
@@ -30,6 +30,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <crack.h>
+#include <string.h>
#include "erl_nif.h"
@@ -106,13 +107,16 @@ nif_check(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
if (!enif_realloc_binary(&path, path.size+1))
return atom_enomem;
+ /* passwd.size is now equal to old passwd.size+1 */
passwd.data[passwd.size-1] = '\0';
path.data[path.size-1] = '\0';
enif_mutex_lock(priv->lock);
err = (char *)FascistCheck((char *)passwd.data, (char *)path.data);
enif_mutex_unlock(priv->lock);
+ (void)memset(passwd.data, '\0', passwd.size);
+
enif_release_binary(&passwd);
enif_release_binary(&path);
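Review bot: The early `return atom_enomem;` taken when `enif_realloc_binary(&path, path.size+1)` fails skips the new `memset`, so on that path the password copy stays in memory uncleared; the added comment implies passwd has already been grown by then, though that call is above the hunk. Clearing before the return would cover it, e.g. `if (!enif_realloc_binary(&path, path.size+1)) { (void)memset(passwd.data, '\0', passwd.size); return atom_enomem; }` (whether passwd must also be released there depends on code outside the hunk). Separately, a plain `memset` on a buffer that is about to be released is a store that compilers may drop in some builds; the following `enif_release_binary(&passwd)` call probably keeps it here, but a non-elidable clear where the platform offers one (`explicit_bzero`, `memset_s`) and a comment such as `/* scrub the password copy before the binary is released */` would make the intent durable. The zeroing reaches only this NIF-side copy; the caller's original term and anything FascistCheck copies internally are not covered. nif_check starts and ends outside the hunk.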
