projects / citadel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
* be more paranoid about the previous content of passvoid buffers
[citadel.git] / citadel / modules / imap / serv_imap.c
diff --git a/citadel/modules/imap/serv_imap.c b/citadel/modules/imap/serv_imap.c
index 6d67b339aa7cb191ad2683aca7b27d8be992a51b..3d4fc9b93cee8e572dab2055335dc2e0cec2ef44 100644 (file)
--- a/citadel/modules/imap/serv_imap.c
+++ b/citadel/modules/imap/serv_imap.c
@@ -602,6 +602,7 @@ void imap_auth_plain(char *cmd)
        char pass[256];
        int result;
 
+       memset(pass, 0, sizeof(pass));
        CtdlDecodeBase64(decoded_authstring, cmd, strlen(cmd));
        safestrncpy(ident, decoded_authstring, sizeof ident);
        safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
@@ -641,6 +642,7 @@ void imap_auth_login_pass(char *cmd)
 {
        char buf[SIZ];
 
+       memset(buf, 0, sizeof(buf));
        CtdlDecodeBase64(buf, cmd, SIZ);
        if (CtdlTryPassword(buf) == pass_ok) {
                cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
Citadel server, clients, utilities