projects / citadel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 41ba640)
* be more paranoid about the previous content of passvoid buffers
authorWilfried Göesgens <willi@citadel.org>
Fri, 14 Aug 2009 16:08:13 +0000 (16:08 +0000)
committerWilfried Göesgens <willi@citadel.org>
Fri, 14 Aug 2009 16:08:13 +0000 (16:08 +0000)
citadel/modules/imap/serv_imap.c patch | blob | history
citadel/modules/jabber/xmpp_sasl_service.c patch | blob | history
citadel/modules/smtp/serv_smtp.c patch | blob | history
citadel/user_ops.c patch | blob | history

diff --git a/citadel/modules/imap/serv_imap.c b/citadel/modules/imap/serv_imap.c
index 6d67b339aa7cb191ad2683aca7b27d8be992a51b..3d4fc9b93cee8e572dab2055335dc2e0cec2ef44 100644 (file)
--- a/citadel/modules/imap/serv_imap.c
+++ b/citadel/modules/imap/serv_imap.c
@@ -602,6 +602,7 @@ void imap_auth_plain(char *cmd)
        char pass[256];
        int result;
 
+       memset(pass, 0, sizeof(pass));
        CtdlDecodeBase64(decoded_authstring, cmd, strlen(cmd));
        safestrncpy(ident, decoded_authstring, sizeof ident);
        safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
@@ -641,6 +642,7 @@ void imap_auth_login_pass(char *cmd)
 {
        char buf[SIZ];
 
+       memset(buf, 0, sizeof(buf));
        CtdlDecodeBase64(buf, cmd, SIZ);
        if (CtdlTryPassword(buf) == pass_ok) {
                cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
diff --git a/citadel/modules/jabber/xmpp_sasl_service.c b/citadel/modules/jabber/xmpp_sasl_service.c
index 6497f8101ca4db4aa405ce01437b2e39304856c6..f425c4be243209efbc18d146b227eb2772357a8a 100644 (file)
--- a/citadel/modules/jabber/xmpp_sasl_service.c
+++ b/citadel/modules/jabber/xmpp_sasl_service.c
@@ -62,6 +62,7 @@ int xmpp_auth_plain(char *authstring)
 
 
        /* Take apart the authentication string */
+       memset(pass, 0, sizeof(pass));
 
        CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
        safestrncpy(ident, decoded_authstring, sizeof ident);
diff --git a/citadel/modules/smtp/serv_smtp.c b/citadel/modules/smtp/serv_smtp.c
index 896944de61399f87ffa106e0ac4ee042ca76436e..2532307399cc1155b2c9db313428f1cda639c050 100644 (file)
--- a/citadel/modules/smtp/serv_smtp.c
+++ b/citadel/modules/smtp/serv_smtp.c
@@ -316,6 +316,7 @@ void smtp_get_user(char *argbuf) {
 void smtp_get_pass(char *argbuf) {
        char password[SIZ];
 
+       memset(password, 0, sizeof(password));  
        CtdlDecodeBase64(password, argbuf, SIZ);
        /* CtdlLogPrintf(CTDL_DEBUG, "Trying <%s>\n", password); */
        if (CtdlTryPassword(password) == pass_ok) {
diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index 642972164ca7f9d9f5cf3b235294458f2b9764da..26bcb0c7205fe596ab5302616f6291bdb0fd94b7 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -936,6 +936,7 @@ void cmd_pass(char *buf)
        char password[256];
        int a;
 
+       memset(password, 0, sizeof(password));
        extract_token(password, buf, 0, '|', sizeof password);
        a = CtdlTryPassword(password);
 
Citadel server, clients, utilities