Mercurial > dovecot > original-hg > dovecot-1.2
changeset 588:d7eb0bfd3eb5 HEAD
Whops, AUTHENTICATE data still wasn't cleared right.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 06 Nov 2002 08:26:35 +0200 |
parents | 6b0125b34bb1 |
children | d1e0cbffe1e1 |
files | src/login/client-authenticate.c src/login/client.c |
diffstat | 2 files changed, 5 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/src/login/client-authenticate.c Wed Nov 06 08:23:49 2002 +0200 +++ b/src/login/client-authenticate.c Wed Nov 06 08:26:35 2002 +0200 @@ -264,6 +264,9 @@ auth_continue_request(client->auth_request, (unsigned char *) line, (size_t)size); + + /* clear sensitive data */ + memset(line, 0, size); } int cmd_authenticate(Client *client, const char *method_name) @@ -302,4 +305,3 @@ return TRUE; } -
--- a/src/login/client.c Wed Nov 06 08:23:49 2002 +0200 +++ b/src/login/client.c Wed Nov 06 08:26:35 2002 +0200 @@ -162,13 +162,8 @@ memset(pass, 0, strlen(pass)); return ret; } - if (strcmp(cmd, "AUTHENTICATE") == 0) { - char *data = get_next_arg(&line); - - ret = cmd_authenticate(client, data); - memset(data, 0, strlen(data)); - return ret; - } + if (strcmp(cmd, "AUTHENTICATE") == 0) + return cmd_authenticate(client, get_next_arg(&line)); if (strcmp(cmd, "CAPABILITY") == 0) return cmd_capability(client); if (strcmp(cmd, "STARTTLS") == 0)