Mercurial > dovecot > original-hg > dovecot-1.2

changeset 588:d7eb0bfd3eb5 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Whops, AUTHENTICATE data still wasn't cleared right.
author Timo Sirainen <tss@iki.fi>
date Wed, 06 Nov 2002 08:26:35 +0200
parents 6b0125b34bb1
children d1e0cbffe1e1
files src/login/client-authenticate.c src/login/client.c
diffstat 2 files changed, 5 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/src/login/client-authenticate.c	Wed Nov 06 08:23:49 2002 +0200
+++ b/src/login/client-authenticate.c	Wed Nov 06 08:26:35 2002 +0200
@@ -264,6 +264,9 @@
 
 	auth_continue_request(client->auth_request, (unsigned char *) line,
 			      (size_t)size);
+
+	/* clear sensitive data */
+	memset(line, 0, size);
 }
 
 int cmd_authenticate(Client *client, const char *method_name)
@@ -302,4 +305,3 @@
 
 	return TRUE;
 }
-
--- a/src/login/client.c	Wed Nov 06 08:23:49 2002 +0200
+++ b/src/login/client.c	Wed Nov 06 08:26:35 2002 +0200
@@ -162,13 +162,8 @@
 		memset(pass, 0, strlen(pass));
 		return ret;
 	}
-	if (strcmp(cmd, "AUTHENTICATE") == 0) {
-		char *data = get_next_arg(&line);
-
-		ret = cmd_authenticate(client, data);
-		memset(data, 0, strlen(data));
-		return ret;
-	}
+	if (strcmp(cmd, "AUTHENTICATE") == 0)
+		return cmd_authenticate(client, get_next_arg(&line));
 	if (strcmp(cmd, "CAPABILITY") == 0)
 		return cmd_capability(client);
 	if (strcmp(cmd, "STARTTLS") == 0)