.su objects to gitignore

[pam_pcsc_cr.git] / authobj.c

diff --git a/authobj.c b/authobj.c
index b402094df224cd13651227c15e47bb9184976343..b4a1f2be26e1f3e3a284a128a5a6ba49c2aac954 100644 (file)
--- a/authobj.c
+++ b/authobj.c
@@ -126,6 +126,15 @@ make_authobj(const char *userid, const char *password, const char *nonce,
        datasize = ((secsize + paylsize + HASHSIZE + 4 * sizeof(short) - 1) /
                        CBLKSIZE + 1) * CBLKSIZE;
        data = alloca(datasize);
+       /* 
+          We allocate memory rounded up to CBLKSIZE on the stack, but do not
+          use the last bytes. Stack protectors, if enabled, fill this memory
+          with `canary` value. Later, when encryption function is called,
+          stack protector detects that it tries to access "uninitialized
+          memory". Which, while technically true, is not an error. Still,
+          let us make stack protector happy by initializing the whole area:
+        */
+       memset(data, 0, datasize);
        serial_init(&srl, data, datasize);
        if (serial_put(&srl, secret, secsize) != secsize) {
                ao.err = "authobj: serialization of secret failed";
@@ -232,6 +241,10 @@ struct _auth_obj authobj(const char *userid, const char *password,
        struct _auth_obj new_ao = {0};
 
        if (!secret || !secsize || !payload) {
+               if (!ablob || !blobsize) {
+                       new_ao.err = "authobj: previous data not supplied";
+                       return new_ao;
+               }
                old_ao = parse_authobj(userid, password, oldnonce,
                                        secret, secsize,
                                        ablob, blobsize, fetch_key);