projects
/
citadel.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
41ba640
)
* be more paranoid about the previous content of passvoid buffers
author
Wilfried Göesgens
<willi@citadel.org>
Fri, 14 Aug 2009 16:08:13 +0000
(16:08 +0000)
committer
Wilfried Göesgens
<willi@citadel.org>
Fri, 14 Aug 2009 16:08:13 +0000
(16:08 +0000)
citadel/modules/imap/serv_imap.c
patch
|
blob
|
history
citadel/modules/jabber/xmpp_sasl_service.c
patch
|
blob
|
history
citadel/modules/smtp/serv_smtp.c
patch
|
blob
|
history
citadel/user_ops.c
patch
|
blob
|
history
diff --git
a/citadel/modules/imap/serv_imap.c
b/citadel/modules/imap/serv_imap.c
index 6d67b339aa7cb191ad2683aca7b27d8be992a51b..3d4fc9b93cee8e572dab2055335dc2e0cec2ef44 100644
(file)
--- a/
citadel/modules/imap/serv_imap.c
+++ b/
citadel/modules/imap/serv_imap.c
@@
-602,6
+602,7
@@
void imap_auth_plain(char *cmd)
char pass[256];
int result;
char pass[256];
int result;
+ memset(pass, 0, sizeof(pass));
CtdlDecodeBase64(decoded_authstring, cmd, strlen(cmd));
safestrncpy(ident, decoded_authstring, sizeof ident);
safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
CtdlDecodeBase64(decoded_authstring, cmd, strlen(cmd));
safestrncpy(ident, decoded_authstring, sizeof ident);
safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
@@
-641,6
+642,7
@@
void imap_auth_login_pass(char *cmd)
{
char buf[SIZ];
{
char buf[SIZ];
+ memset(buf, 0, sizeof(buf));
CtdlDecodeBase64(buf, cmd, SIZ);
if (CtdlTryPassword(buf) == pass_ok) {
cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
CtdlDecodeBase64(buf, cmd, SIZ);
if (CtdlTryPassword(buf) == pass_ok) {
cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
diff --git
a/citadel/modules/jabber/xmpp_sasl_service.c
b/citadel/modules/jabber/xmpp_sasl_service.c
index 6497f8101ca4db4aa405ce01437b2e39304856c6..f425c4be243209efbc18d146b227eb2772357a8a 100644
(file)
--- a/
citadel/modules/jabber/xmpp_sasl_service.c
+++ b/
citadel/modules/jabber/xmpp_sasl_service.c
@@
-62,6
+62,7
@@
int xmpp_auth_plain(char *authstring)
/* Take apart the authentication string */
/* Take apart the authentication string */
+ memset(pass, 0, sizeof(pass));
CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
safestrncpy(ident, decoded_authstring, sizeof ident);
CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring));
safestrncpy(ident, decoded_authstring, sizeof ident);
diff --git
a/citadel/modules/smtp/serv_smtp.c
b/citadel/modules/smtp/serv_smtp.c
index 896944de61399f87ffa106e0ac4ee042ca76436e..2532307399cc1155b2c9db313428f1cda639c050 100644
(file)
--- a/
citadel/modules/smtp/serv_smtp.c
+++ b/
citadel/modules/smtp/serv_smtp.c
@@
-316,6
+316,7
@@
void smtp_get_user(char *argbuf) {
void smtp_get_pass(char *argbuf) {
char password[SIZ];
void smtp_get_pass(char *argbuf) {
char password[SIZ];
+ memset(password, 0, sizeof(password));
CtdlDecodeBase64(password, argbuf, SIZ);
/* CtdlLogPrintf(CTDL_DEBUG, "Trying <%s>\n", password); */
if (CtdlTryPassword(password) == pass_ok) {
CtdlDecodeBase64(password, argbuf, SIZ);
/* CtdlLogPrintf(CTDL_DEBUG, "Trying <%s>\n", password); */
if (CtdlTryPassword(password) == pass_ok) {
diff --git
a/citadel/user_ops.c
b/citadel/user_ops.c
index 642972164ca7f9d9f5cf3b235294458f2b9764da..26bcb0c7205fe596ab5302616f6291bdb0fd94b7 100644
(file)
--- a/
citadel/user_ops.c
+++ b/
citadel/user_ops.c
@@
-936,6
+936,7
@@
void cmd_pass(char *buf)
char password[256];
int a;
char password[256];
int a;
+ memset(password, 0, sizeof(password));
extract_token(password, buf, 0, '|', sizeof password);
a = CtdlTryPassword(password);
extract_token(password, buf, 0, '|', sizeof password);
a = CtdlTryPassword(password);