3 files changed, 11 insertions, 10 deletions

diff --git a/ChangeLog b/ChangeLog
index 473013cc..72e6cedb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2008-03-05  Tomas Mraz <t8m@centrum.cz>
+
+	* modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Avoid
+	unnecessary x_strdup() of resp.
+	* modules/pam_ftp/pam_ftp(pam_sm_authenticate): Call _pam_overwrite()
+	before dropping password resp.
+
 2008-03-03  Tomas Mraz <t8m@centrum.cz>
 
 	* modules/pam_selinux/pam_selinux.c: Do not translate syslog messages.
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
index 532a72b2..0c39f89d 100644
--- a/modules/pam_cracklib/pam_cracklib.c
+++ b/modules/pam_cracklib/pam_cracklib.c
@@ -642,16 +642,12 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 				 options.prompt_type[0]?" ":"");
 
 	    if (retval == PAM_SUCCESS) {     /* a good conversation */
-	        token1 = x_strdup(resp);
+	        token1 = resp;
                 if (token1 == NULL) {
 		    pam_syslog(pamh, LOG_NOTICE,
                                "could not recover authentication token 1");
 		    retval = PAM_AUTHTOK_RECOVERY_ERR;
 		}
-                /*
-                 * tidy up the conversation (resp_retcode) is ignored
-                 */
-                _pam_drop(resp);
             } else {
                 retval = (retval == PAM_SUCCESS) ?
                          PAM_AUTHTOK_RECOVERY_ERR:retval ;
@@ -710,16 +706,12 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 				 PROMPT2, options.prompt_type,
 				 options.prompt_type[0]?" ":"");
 	    if (retval == PAM_SUCCESS) {     /* a good conversation */
-	        token2 = x_strdup(resp);
+	        token2 = resp;
 	        if (token2 == NULL) {
 		    pam_syslog(pamh,LOG_NOTICE,
 			       "could not recover authentication token 2");
 		    retval = PAM_AUTHTOK_RECOVERY_ERR;
 		}
-                /*
-                 * tidy up the conversation (resp_retcode) is ignored
-                 */
-	        _pam_drop(resp);
             }
 
 	    /* No else, the a retval == PAM_SUCCESS path can change retval
diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c
index 11cdf590..7c546511 100644
--- a/modules/pam_ftp/pam_ftp.c
+++ b/modules/pam_ftp/pam_ftp.c
@@ -162,6 +162,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 			       GUEST_LOGIN_PROMPT);
 
 	if (retval != PAM_SUCCESS) {
+	    _pam_overwrite (resp);
 	    _pam_drop (resp);
 	    return ((retval == PAM_CONV_AGAIN)
 		    ? PAM_INCOMPLETE:PAM_AUTHINFO_UNAVAIL);
@@ -200,6 +201,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 	}
 
 	/* clean up */
+	_pam_overwrite(resp);
 	_pam_drop(resp);
 
 	/* success or failure */