Be paranoid and zero out passwd

PR: 122070 Submitted by: Steven Kreuzer <skreuzer@exit2shell.com> Reminded by: gnn@ MFC after: 3 days
2008-11-06 04:53:02 +00:00 · 2008-11-06 04:53:02 +00:00 · f1225346f4
commit f1225346f4
parent 63117b74b1
1 changed files with 2 additions and 0 deletions
--- a/usr.sbin/cron/crontab/crontab.c
+++ b/usr.sbin/cron/crontab/crontab.c
@ -138,6 +138,7 @@ parse_args(argc, argv)

 	if (!(pw = getpwuid(getuid())))
 		errx(ERROR_EXIT, "your UID isn't in the passwd file, bailing out");
+	bzero(pw->pw_passwd, strlen(pw->pw_passwd));
 	(void) strncpy(User, pw->pw_name, (sizeof User)-1);
 	User[(sizeof User)-1] = '\0';
 	strcpy(RealUser, User);
@ -154,6 +155,7 @@ parse_args(argc, argv)
 				errx(ERROR_EXIT, "must be privileged to use -u");
 			if (!(pw = getpwnam(optarg)))
 				errx(ERROR_EXIT, "user `%s' unknown", optarg);
+			bzero(pw->pw_passwd, strlen(pw->pw_passwd));
 			(void) strncpy(User, pw->pw_name, (sizeof User)-1);
 			User[(sizeof User)-1] = '\0';
 			break;