[dovecot-cvs] dovecot/src/login client-authenticate.c,1.12,1.13 client.c,1.10,1.11
cras at procontrol.fi
cras at procontrol.fi
Wed Nov 6 08:26:38 EET 2002
Update of /home/cvs/dovecot/src/login
In directory danu:/tmp/cvs-serv26820
Modified Files:
client-authenticate.c client.c
Log Message:
Whops, AUTHENTICATE data still wasn't cleared right.
Index: client-authenticate.c
===================================================================
RCS file: /home/cvs/dovecot/src/login/client-authenticate.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- client-authenticate.c 3 Nov 2002 08:03:05 -0000 1.12
+++ client-authenticate.c 6 Nov 2002 06:26:35 -0000 1.13
@@ -264,6 +264,9 @@
auth_continue_request(client->auth_request, (unsigned char *) line,
(size_t)size);
+
+ /* clear sensitive data */
+ memset(line, 0, size);
}
int cmd_authenticate(Client *client, const char *method_name)
@@ -302,4 +305,3 @@
return TRUE;
}
-
Index: client.c
===================================================================
RCS file: /home/cvs/dovecot/src/login/client.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- client.c 6 Nov 2002 06:23:49 -0000 1.10
+++ client.c 6 Nov 2002 06:26:35 -0000 1.11
@@ -162,13 +162,8 @@
memset(pass, 0, strlen(pass));
return ret;
}
- if (strcmp(cmd, "AUTHENTICATE") == 0) {
- char *data = get_next_arg(&line);
-
- ret = cmd_authenticate(client, data);
- memset(data, 0, strlen(data));
- return ret;
- }
+ if (strcmp(cmd, "AUTHENTICATE") == 0)
+ return cmd_authenticate(client, get_next_arg(&line));
if (strcmp(cmd, "CAPABILITY") == 0)
return cmd_capability(client);
if (strcmp(cmd, "STARTTLS") == 0)
More information about the dovecot-cvs
mailing list