Subject: prompter users should zero out reply data before freeing it
I've been looking at the code that calls krb5_prompter_posix() and I've
noticed that the reply data (which may contain a password) is not being
zeroed out before being freed. When I look at similar code in the
Solaris libpam I notice that the reply data is being zeroed prior to
free. This seems to be a better practice security-wise.
I suggest looking at every place a prompter is called and memset() the
reply data with 0 prior to its being freed.
I'd like to point out the existence of the shiny new zapfree() macro to
anyone working on fixing this.
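As an added illustration of the cleanup the ticket asks for (my own code, not anything from the krb5 tree): the krb5_prompt/krb5_data stand-ins, zap_reply() and scrub_prompt_replies() are names I chose, and the volatile loop stands in for what zapfree() does, since a plain memset() immediately before free() may be dropped by the compiler as a dead store.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the krb5 types so the file builds without
 * krb5.h; real callers use the library's own definitions. */
typedef struct {
    unsigned int length;
    char *data;
} krb5_data;

typedef struct {
    char *prompt;
    int hidden;          /* non-zero: echo off, i.e. a password prompt */
    krb5_data *reply;
} krb5_prompt;

/* Overwrite len bytes through a volatile pointer so the compiler cannot
 * elide the stores ahead of the free(). Assumed equivalent in intent to
 * the zap half of zapfree(). */
static void zap_reply(void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;
    while (len--)
        *p++ = 0;
}

/* Scrub and release one reply buffer, then reset the descriptor so it
 * can be neither read nor freed a second time. */
static void free_reply(krb5_data *reply)
{
    if (reply == NULL || reply->data == NULL)
        return;
    zap_reply(reply->data, reply->length);
    free(reply->data);
    reply->data = NULL;
    reply->length = 0;
}

/* What a prompter caller runs once the prompts are answered: every reply
 * buffer is zeroed before it is freed. Returns the number scrubbed. */
size_t scrub_prompt_replies(krb5_prompt *prompts, int num_prompts)
{
    size_t scrubbed = 0;
    for (int i = 0; i < num_prompts; i++) {
        if (prompts[i].reply != NULL && prompts[i].reply->data != NULL) {
            free_reply(prompts[i].reply);
            scrubbed++;
        }
    }
    return scrubbed;
}
```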