[dovecot-cvs] dovecot/src/auth auth-plain.c,1.3,1.4 login-connection.c,1.6,1.7

Wed Nov 6 08:01:00 EET 2002

Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv19503

Modified Files:
	auth-plain.c login-connection.c 
Log Message:
Plaintext passwords weren't cleared from memory after use.



Index: auth-plain.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/auth-plain.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4

--- auth-plain.c	8 Sep 2002 14:39:05 -0000	1.3
+++ auth-plain.c	6 Nov 2002 06:00:58 -0000	1.4
@@ -12,8 +12,9 @@
 {
 	AuthCookieReplyData *cookie_reply = cookie->context;
 	AuthReplyData reply;
-	const char *user, *pass;
-	size_t i, count;
+	const char *user;
+	char *pass;
+	size_t i, count, len;
 
 	/* initialize reply */
 	memset(&reply, 0, sizeof(reply));
@@ -26,13 +27,16 @@
 	pass = NULL;
 	count = 0;
 	for (i = 0; i < request->data_size; i++) {
-		if (data[i] == '\0') {
-			if (++count == 2) {
-				pass = i+1 == request->data_size ? "" :
-					t_strndup((const char *) data + i + 1,
-						  request->data_size - i - 1);
-				break;
+		if (data[i] == '\0' && ++count == 2) {
+			if (i+1 == request->data_size)
+				pass = "";
+			else {
+				len = request->data_size - (i+1);
+				pass = t_malloc(len+1);
+				memcpy(pass, (const char *) data + (i+1), len);
+				pass[len] = '\0';
 			}
+			break;
 		}
 	}
 
@@ -40,6 +44,11 @@
 		if (userinfo->verify_plain(user, pass, cookie_reply)) {
 			cookie_reply->success = TRUE;
 			reply.result = AUTH_RESULT_SUCCESS;
+		}
+
+		if (*pass != '\0') {
+			/* make sure it's cleared */
+			memset(pass, 0, strlen(pass));
 		}
 	}
 

Index: login-connection.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/login-connection.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- login-connection.c	28 Oct 2002 04:18:26 -0000	1.6
+++ login-connection.c	6 Nov 2002 06:00:58 -0000	1.7
@@ -47,7 +47,7 @@
 			IO io __attr_unused__)
 {
 	LoginConnection *conn  = context;
-        const unsigned char *data;
+        unsigned char *data;
 	size_t size;
 
 	switch (i_buffer_read(conn->inbuf)) {
@@ -65,7 +65,7 @@
 		return;
 	}
 
-	data = i_buffer_get_data(conn->inbuf, &size);
+	data = i_buffer_get_modifyable_data(conn->inbuf, &size);
 	if (size < sizeof(AuthRequestType))
 		return;
 
@@ -104,6 +104,9 @@
 		auth_continue_request(&request, data + sizeof(request),
 				      request_callback, conn);
 		conn->type = AUTH_REQUEST_NONE;
+
+		/* clear any sensitive data from memory */
+		memset(data + sizeof(request), 0, request.data_size);
 	} else {
 		/* unknown request */
 		i_error("BUG: imap-login sent us unknown request %u",


