
Commit 5e19b6c

committed
Clear afs key and token before returning and fix comment after #endif
Reported by Maiquel Paiva
1 parent 107fdb6 commit 5e19b6c

1 file changed

Lines changed: 11 additions & 5 deletions


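--- a/plugins/sudoers/auth/afs.c
+++ b/plugins/sudoers/auth/afs.c
@@ -45,6 +45,7 @@ sudo_afs_verify(const struct sudoers_context *ctx, struct passwd *pw,
 {
 struct ktc_encryptionKey afs_key;
 struct ktc_token afs_token;
+int ret = AUTH_FAILURE;
 debug_decl(sudo_afs_verify, SUDOERS_DEBUG_AUTH);
 
 if (IS_NONINTERACTIVE(auth))
@@ -61,8 +62,10 @@ sudo_afs_verify(const struct sudoers_context *ctx, struct passwd *pw,
 &afs_key, /* key (contains password) */
 0, /* lifetime */
 &afs_token, /* token */
-0) == 0) /* new */
-debug_return_int(AUTH_SUCCESS);
+0) == 0) { /* new */
+ret = AUTH_SUCCESS;
+goto done;
+}
 
 /* Fall back on old method XXX - needed? */
 setpag();
@@ -75,9 +78,12 @@ sudo_afs_verify(const struct sudoers_context *ctx, struct passwd *pw,
 NULL, /* expiration ptr (unused) */
 0, /* spare */
 NULL) == 0) /* reason */
-debug_return_int(AUTH_SUCCESS);
+ret = AUTH_SUCCESS;
 
-debug_return_int(AUTH_FAILURE);
+done:
+explicit_bzero(&afs_key, sizeof(afs_key));
+explicit_bzero(&afs_token, sizeof(afs_token));
+debug_return_int(ret);
 }
 
-#endif HAVE_AFS
+#endif /* HAVE_AFS */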
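Review bot: The wipe at `done:` is reached only by the two exits shown in the second and third hunks; the `if (IS_NONINTERACTIVE(auth))` branch at the end of the first hunk, and any return in the lines between the first and second hunks (not shown here), would still leave the function without clearing `afs_key`. That is presumably safe because the key is derived only just before the call in the second hunk, but it should be confirmed, since the function body is not fully visible. A comment on the label would stop later edits from adding a direct return, e.g. `/* Every exit after afs_key is derived must pass through here so the password-derived key and the token are wiped. */`. As a style point, the second `if` (ending `NULL) == 0) /* reason */`) stays unbraced while the first one gained braces; bracing both would keep the two authentication attempts consistent.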
