X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=authobj.c;h=deba02868152e70a575194b452ac828d1d1e903f;hp=b402094df224cd13651227c15e47bb9184976343;hb=94cf335f2ec8f4e19250b873aba7ee4eddd7c0d2;hpb=91db7a622b66e0219c6dbce650aaa74272493a08

diff --git a/authobj.c b/authobj.c
index b402094..deba028 100644
--- a/authobj.c
+++ b/authobj.c
@@ -126,6 +126,15 @@ make_authobj(const char *userid, const char *password, const char *nonce,
 	datasize = ((secsize + paylsize + HASHSIZE + 4 * sizeof(short) - 1) /
 			CBLKSIZE + 1) * CBLKSIZE;
 	data = alloca(datasize);
+	/* 
+	   We allocate memory rounded up to CBLKSIZE on the stack, but do not
+	   use the last bytes. Stack protectors, if enabled, fill this memory
+	   with `canary` value. Later, when encryption function is called,
+	   stack protector detects that it tries to access "uninitialized
+	   memory". Which, while technically true, is not an error. Still,
+	   let us make stack protector happy by initializing the whole area:
+	 */
+	memset(data, 0, datasize);
 	serial_init(&srl, data, datasize);
 	if (serial_put(&srl, secret, secsize) != secsize) {
 		ao.err = "authobj: serialization of secret failed";