From ee20d385ef319f8523f1debc49f375c8eff257a6 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Fri, 22 Dec 2023 06:37:02 -0800
Subject: Stop using _pam_overwrite() in pam_cap.c.

It looks like the Linux-PAM folk have deprecated this macro. Compiler optimization
is hard to account for: apparently this explicit deletion is no longer
guaranteed to work. This function was marked deprecated in v1.5.3 of Linux-PAM.

I've replaced its use with memset(). I'm not convinced that that will be honored
either, but remain hopeful and prefer to leave the code explicit in its intent
without a deprecation warning messing up the build log. Should some compiler
optimize it away and it leads to an exploit of some sort, it can be revealed as
a compilation bug.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
 pam_cap/pam_cap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
index b9419cb..3fe3b8c 100644
--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
@@ -199,7 +199,7 @@ defer:
     int i;
     for (i = 0; i < groups_n; i++) {
 	char *g = groups[i];
-	_pam_overwrite(g);
+	memset(g, 0, strlen(g));
 	_pam_drop(g);
     }
     if (groups != NULL) {
@@ -440,7 +440,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 	   small race associated with a redundant read of the
 	   config. */
 
-	_pam_overwrite(conf_caps);
+	memset(conf_caps, 0, strlen(conf_caps));
 	_pam_drop(conf_caps);
 
 	return PAM_SUCCESS;
-- 
cgit 1.2.3-korg