This should make leaking end of /etc/shadow file more unlikely. Notice that there is now way to tell to editors they should ensure none it does not leak any buffers, drop cores, and so on, when editing sensitive data. In short this change is addressing the issue only partially. Signed-off-by: Sami Kerola <kerolasa@xxxxxx> --- login-utils/vipw.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/login-utils/vipw.c b/login-utils/vipw.c index 5999d8d15..b7650de8b 100644 --- a/login-utils/vipw.c +++ b/login-utils/vipw.c @@ -100,6 +100,9 @@ static void copyfile(int from, int to) if (nr < 0) pw_error(orig_file, 1, 1); +#ifdef HAVE_EXPLICIT_BZERO + explicit_bzero(buf, sizeof(buf)); +#endif } static void pw_init(void) -- 2.13.3 -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
