diff options
author | Simo Sorce <idra@samba.org> | 2002-08-04 15:40:39 +0000 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2002-08-04 15:40:39 +0000 |
commit | dd93ff381dff192f4e790df5078438497e2c36e8 (patch) | |
tree | 3bae1093fe107f87c9342a29caf793f22c14b571 /source3/utils | |
parent | 918e681894c5102407a9bfd1790d113cb6926894 (diff) | |
download | samba-dd93ff381dff192f4e790df5078438497e2c36e8.tar.gz samba-dd93ff381dff192f4e790df5078438497e2c36e8.tar.bz2 samba-dd93ff381dff192f4e790df5078438497e2c36e8.zip |
passwords where not checked (you cannot check if the same buffer differs from itself).
they where alo not clean after use!
Simo.
(This used to be commit 5a257096e9afdcd1dea863dff43952457a74a9f1)
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/pdbedit.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 76c0196cf9..96001c450f 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -255,7 +255,7 @@ static int new_user (struct pdb_context *in, char *username, char *fullname, cha { SAM_ACCOUNT *sam_pwent=NULL; struct passwd *pwd = NULL; - char *password1, *password2; + char *password1, *password2, *staticpass; ZERO_STRUCT(sam_pwent); @@ -270,15 +270,27 @@ static int new_user (struct pdb_context *in, char *username, char *fullname, cha } } - password1 = getpass("new password:"); - password2 = getpass("retype new password:"); + staticpass = getpass("new password:"); + password1 = strdup(staticpass); + memset(staticpass, 0, strlen(staticpass)); + staticpass = getpass("retype new password:"); + password2 = strdup(staticpass); + memset(staticpass, 0, strlen(staticpass)); if (strcmp (password1, password2)) { - fprintf (stderr, "Passwords does not match!\n"); - pdb_free_sam (&sam_pwent); - return -1; + fprintf (stderr, "Passwords does not match!\n"); + memset(password1, 0, strlen(password1)); + SAFE_FREE(password1); + memset(password2, 0, strlen(password2)); + SAFE_FREE(password2); + pdb_free_sam (&sam_pwent); + return -1; } pdb_set_plaintext_passwd(sam_pwent, password1); + memset(password1, 0, strlen(password1)); + SAFE_FREE(password1); + memset(password2, 0, strlen(password2)); + SAFE_FREE(password2); if (fullname) pdb_set_fullname(sam_pwent, fullname); |