[dovecot-cvs] dovecot/src/login client-authenticate.c,1.20,1.21 client.c,1.17,1.18
cras at procontrol.fi
cras at procontrol.fi
Wed Dec 18 12:40:46 EET 2002
- Previous message: [dovecot-cvs] dovecot/src/lib safe-memset.c,NONE,1.1 safe-memset.h,NONE,1.1 Makefile.am,1.20,1.21
- Next message: [dovecot-cvs] dovecot/src/auth auth-plain.c,1.5,1.6 login-connection.c,1.8,1.9 userinfo-pam.c,1.7,1.8 userinfo-passwd.c,1.7,1.8 userinfo-passwd.h,1.4,1.5 userinfo-shadow.c,1.6,1.7 userinfo-vpopmail.c,1.7,1.8
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /home/cvs/dovecot/src/login
In directory danu:/tmp/cvs-serv7352/login
Modified Files:
client-authenticate.c client.c
Log Message:
Added safe_memset() which guarantees that compiler optimizations don't
optimize it away. Not that we really need to clear the passwords from
memory, but won't hurt much either :)
Index: client-authenticate.c
===================================================================
RCS file: /home/cvs/dovecot/src/login/client-authenticate.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- client-authenticate.c 8 Dec 2002 05:23:08 -0000 1.20
+++ client-authenticate.c 18 Dec 2002 10:40:43 -0000 1.21
@@ -6,6 +6,7 @@
#include "ioloop.h"
#include "istream.h"
#include "ostream.h"
+#include "safe-memset.h"
#include "temp-string.h"
#include "auth-connection.h"
#include "client.h"
@@ -267,10 +268,10 @@
}
/* clear sensitive data */
- memset(line, 0, linelen);
+ safe_memset(line, 0, linelen);
bufsize = buffer_get_used_size(buf);
- memset(buffer_free_without_data(buf), 0, bufsize);
+ safe_memset(buffer_free_without_data(buf), 0, bufsize);
t_pop();
}
Index: client.c
===================================================================
RCS file: /home/cvs/dovecot/src/login/client.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- client.c 8 Dec 2002 05:23:08 -0000 1.17
+++ client.c 18 Dec 2002 10:40:43 -0000 1.18
@@ -7,6 +7,7 @@
#include "istream.h"
#include "ostream.h"
#include "process-title.h"
+#include "safe-memset.h"
#include "client.h"
#include "client-authenticate.h"
#include "ssl-proxy.h"
@@ -180,7 +181,7 @@
pass = get_next_arg(&line);
ret = cmd_login(client, user, pass);
- memset(pass, 0, strlen(pass));
+ safe_memset(pass, 0, strlen(pass));
return ret;
}
if (strcmp(cmd, "AUTHENTICATE") == 0)
- Previous message: [dovecot-cvs] dovecot/src/lib safe-memset.c,NONE,1.1 safe-memset.h,NONE,1.1 Makefile.am,1.20,1.21
- Next message: [dovecot-cvs] dovecot/src/auth auth-plain.c,1.5,1.6 login-connection.c,1.8,1.9 userinfo-pam.c,1.7,1.8 userinfo-passwd.c,1.7,1.8 userinfo-passwd.h,1.4,1.5 userinfo-shadow.c,1.6,1.7 userinfo-vpopmail.c,1.7,1.8
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the dovecot-cvs
mailing list