shadow: clear the password even after a mismatch

diff --git a/shadow.c b/shadow.c
index a775b2beec88571d6e8ed44af651b58a47d084f2..53877d559a82134028b5a571ebc4eb95cd452bca 100644 (file)
--- a/shadow.c
+++ b/shadow.c
@@ -64,9 +64,14 @@ shadowauth(const char *myname, int persist)
                        "tty required for %s", myname);
                errx(1, "a tty is required");
        }
-       if ((encrypted = crypt(response, hash)) == NULL)
-               err(1, "crypt");
+       if (response == NULL)
+               err(1, "readpassphrase");
+       if ((encrypted = crypt(response, hash)) == NULL) {
+               explicit_bzero(rbuf, sizeof(rbuf));
+               errx(1, "Authorization failed");
+       }
        if (strcmp(encrypted, hash) != 0) {
+               explicit_bzero(rbuf, sizeof(rbuf));
                syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
                errx(1, "Authorization failed");
        }