summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2002-08-04 15:40:39 +0000
committerSimo Sorce <idra@samba.org>2002-08-04 15:40:39 +0000
commitdd93ff381dff192f4e790df5078438497e2c36e8 (patch)
tree3bae1093fe107f87c9342a29caf793f22c14b571 /source3/utils
parent918e681894c5102407a9bfd1790d113cb6926894 (diff)
downloadsamba-dd93ff381dff192f4e790df5078438497e2c36e8.tar.gz
samba-dd93ff381dff192f4e790df5078438497e2c36e8.tar.bz2
samba-dd93ff381dff192f4e790df5078438497e2c36e8.zip
passwords where not checked (you cannot check if the same buffer differs from itself).
they where alo not clean after use! Simo. (This used to be commit 5a257096e9afdcd1dea863dff43952457a74a9f1)
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/pdbedit.c24
1 files changed, 18 insertions, 6 deletions
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index 76c0196cf9..96001c450f 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -255,7 +255,7 @@ static int new_user (struct pdb_context *in, char *username, char *fullname, cha
{
SAM_ACCOUNT *sam_pwent=NULL;
struct passwd *pwd = NULL;
- char *password1, *password2;
+ char *password1, *password2, *staticpass;
ZERO_STRUCT(sam_pwent);
@@ -270,15 +270,27 @@ static int new_user (struct pdb_context *in, char *username, char *fullname, cha
}
}
- password1 = getpass("new password:");
- password2 = getpass("retype new password:");
+ staticpass = getpass("new password:");
+ password1 = strdup(staticpass);
+ memset(staticpass, 0, strlen(staticpass));
+ staticpass = getpass("retype new password:");
+ password2 = strdup(staticpass);
+ memset(staticpass, 0, strlen(staticpass));
if (strcmp (password1, password2)) {
- fprintf (stderr, "Passwords does not match!\n");
- pdb_free_sam (&sam_pwent);
- return -1;
+ fprintf (stderr, "Passwords does not match!\n");
+ memset(password1, 0, strlen(password1));
+ SAFE_FREE(password1);
+ memset(password2, 0, strlen(password2));
+ SAFE_FREE(password2);
+ pdb_free_sam (&sam_pwent);
+ return -1;
}
pdb_set_plaintext_passwd(sam_pwent, password1);
+ memset(password1, 0, strlen(password1));
+ SAFE_FREE(password1);
+ memset(password2, 0, strlen(password2));
+ SAFE_FREE(password2);
if (fullname)
pdb_set_fullname(sam_pwent, fullname);