From 73a4e2f4e3f8ae5d9f3216eeee58d8c69eac04b5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Wilfried=20G=C3=B6esgens?= Date: Fri, 14 Aug 2009 16:08:13 +0000 Subject: [PATCH] * be more paranoid about the previous content of passvoid buffers --- citadel/modules/imap/serv_imap.c | 2 ++ citadel/modules/jabber/xmpp_sasl_service.c | 1 + citadel/modules/smtp/serv_smtp.c | 1 + citadel/user_ops.c | 1 + 4 files changed, 5 insertions(+) diff --git a/citadel/modules/imap/serv_imap.c b/citadel/modules/imap/serv_imap.c index 6d67b339a..3d4fc9b93 100644 --- a/citadel/modules/imap/serv_imap.c +++ b/citadel/modules/imap/serv_imap.c @@ -602,6 +602,7 @@ void imap_auth_plain(char *cmd) char pass[256]; int result; + memset(pass, 0, sizeof(pass)); CtdlDecodeBase64(decoded_authstring, cmd, strlen(cmd)); safestrncpy(ident, decoded_authstring, sizeof ident); safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user); @@ -641,6 +642,7 @@ void imap_auth_login_pass(char *cmd) { char buf[SIZ]; + memset(buf, 0, sizeof(buf)); CtdlDecodeBase64(buf, cmd, SIZ); if (CtdlTryPassword(buf) == pass_ok) { cprintf("%s OK authentication succeeded\r\n", IMAP->authseq); diff --git a/citadel/modules/jabber/xmpp_sasl_service.c b/citadel/modules/jabber/xmpp_sasl_service.c index 6497f8101..f425c4be2 100644 --- a/citadel/modules/jabber/xmpp_sasl_service.c +++ b/citadel/modules/jabber/xmpp_sasl_service.c @@ -62,6 +62,7 @@ int xmpp_auth_plain(char *authstring) /* Take apart the authentication string */ + memset(pass, 0, sizeof(pass)); CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring)); safestrncpy(ident, decoded_authstring, sizeof ident); diff --git a/citadel/modules/smtp/serv_smtp.c b/citadel/modules/smtp/serv_smtp.c index 896944de6..253230739 100644 --- a/citadel/modules/smtp/serv_smtp.c +++ b/citadel/modules/smtp/serv_smtp.c 
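Review bot: In imap_auth_plain the added memset clears only `pass`, while `decoded_authstring`, the buffer the field offsets are computed in, is still filled by CtdlDecodeBase64 without being zeroed first. If the client's decoded string holds fewer NUL separators than the parser expects, `&decoded_authstring[strlen(ident) + 1]` can point past the decoded bytes, and `user` (and presumably `pass`, on a line outside this hunk) is then copied from whatever the stack held before. Assuming `decoded_authstring` is a local array (its declaration is outside the hunk), add `memset(decoded_authstring, 0, sizeof(decoded_authstring));` next to the new line. Also check that each computed offset stays inside the decoded length before copying from it. The xmpp_auth_plain hunk in xmpp_sasl_service.c has the same shape and needs the same treatment.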
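Review bot: In imap_auth_login_pass the decoded password in `buf` is cleared before use but not after it, so once `CtdlTryPassword(buf)` has returned the cleartext stays on the stack for whatever runs next. That is the same stale-content exposure this commit guards against, seen from the other side. The function body continues outside the hunk, so its exit paths are not visible here, but each of them should wipe the buffer with a call the compiler cannot drop as a dead store, e.g. `explicit_bzero(buf, sizeof(buf));` where the platform provides it. The same applies to `password` in the smtp_get_pass and cmd_pass hunks, and to `pass` in imap_auth_plain and xmpp_auth_plain.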
@@ -316,6 +316,7 @@ void smtp_get_user(char *argbuf) { void smtp_get_pass(char *argbuf) { char password[SIZ]; + memset(password, 0, sizeof(password)); CtdlDecodeBase64(password, argbuf, SIZ); /* CtdlLogPrintf(CTDL_DEBUG, "Trying <%s>\n", password); */ if (CtdlTryPassword(password) == pass_ok) { diff --git a/citadel/user_ops.c b/citadel/user_ops.c index 642972164..26bcb0c72 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -936,6 +936,7 @@ void cmd_pass(char *buf) char password[256]; int a; + memset(password, 0, sizeof(password)); extract_token(password, buf, 0, '|', sizeof password); a = CtdlTryPassword(password); -- 2.30.2
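Review bot: In smtp_get_pass the commented-out `CtdlLogPrintf(CTDL_DEBUG, "Trying <%s>\n", password);` kept as context under the new memset would write the decoded SMTP password to the debug log if anyone re-enabled it. Delete the line rather than leave it parked beside the credential handling. If a trace is wanted at this point, log only that an attempt was made, e.g. `CtdlLogPrintf(CTDL_DEBUG, "SMTP AUTH: password received\n");`, never the value.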