[dovecot-cvs] dovecot/src/login client-authenticate.c,1.12,1.13 client.c,1.10,1.11

[cras at procontrol.fi]

Update of /home/cvs/dovecot/src/login
In directory danu:/tmp/cvs-serv26820

Modified Files:
	client-authenticate.c client.c 
Log Message:
Whops, AUTHENTICATE data still wasn't cleared right.



Index: client-authenticate.c
===================================================================
RCS file: /home/cvs/dovecot/src/login/client-authenticate.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- client-authenticate.c	3 Nov 2002 08:03:05 -0000	1.12
+++ client-authenticate.c	6 Nov 2002 06:26:35 -0000	1.13
@@ -264,6 +264,9 @@
 
 	auth_continue_request(client->auth_request, (unsigned char *) line,
 			      (size_t)size);
+
+	/* clear sensitive data */
+	memset(line, 0, size);
 }
 
 int cmd_authenticate(Client *client, const char *method_name)
@@ -302,4 +305,3 @@
 
 	return TRUE;
 }
-

Index: client.c
===================================================================
RCS file: /home/cvs/dovecot/src/login/client.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- client.c	6 Nov 2002 06:23:49 -0000	1.10
+++ client.c	6 Nov 2002 06:26:35 -0000	1.11
@@ -162,13 +162,8 @@
 		memset(pass, 0, strlen(pass));
 		return ret;
 	}
-	if (strcmp(cmd, "AUTHENTICATE") == 0) {
-		char *data = get_next_arg(&line);
-
-		ret = cmd_authenticate(client, data);
-		memset(data, 0, strlen(data));
-		return ret;
-	}
+	if (strcmp(cmd, "AUTHENTICATE") == 0)
+		return cmd_authenticate(client, get_next_arg(&line));
 	if (strcmp(cmd, "CAPABILITY") == 0)
 		return cmd_capability(client);
 	if (strcmp(cmd, "STARTTLS") == 0)