From dd93ff381dff192f4e790df5078438497e2c36e8 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 4 Aug 2002 15:40:39 +0000 Subject: passwords where not checked (you cannot check if the same buffer differs from itself). they where alo not clean after use! Simo. (This used to be commit 5a257096e9afdcd1dea863dff43952457a74a9f1) --- source3/utils/pdbedit.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'source3/utils') diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 76c0196cf9..96001c450f 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -255,7 +255,7 @@ static int new_user (struct pdb_context *in, char *username, char *fullname, cha { SAM_ACCOUNT *sam_pwent=NULL; struct passwd *pwd = NULL; - char *password1, *password2; + char *password1, *password2, *staticpass; ZERO_STRUCT(sam_pwent); @@ -270,15 +270,27 @@ static int new_user (struct pdb_context *in, char *username, char *fullname, cha } } - password1 = getpass("new password:"); - password2 = getpass("retype new password:"); + staticpass = getpass("new password:"); + password1 = strdup(staticpass); + memset(staticpass, 0, strlen(staticpass)); + staticpass = getpass("retype new password:"); + password2 = strdup(staticpass); + memset(staticpass, 0, strlen(staticpass)); if (strcmp (password1, password2)) { - fprintf (stderr, "Passwords does not match!\n"); - pdb_free_sam (&sam_pwent); - return -1; + fprintf (stderr, "Passwords does not match!\n"); + memset(password1, 0, strlen(password1)); + SAFE_FREE(password1); + memset(password2, 0, strlen(password2)); + SAFE_FREE(password2); + pdb_free_sam (&sam_pwent); + return -1; } pdb_set_plaintext_passwd(sam_pwent, password1); + memset(password1, 0, strlen(password1)); + SAFE_FREE(password1); + memset(password2, 0, strlen(password2)); + SAFE_FREE(password2); if (fullname) pdb_set_fullname(sam_pwent, fullname); -- cgit