[dovecot-cvs] dovecot/src/auth auth-plain.c,1.5,1.6 login-connection.c,1.8,1.9 userinfo-pam.c,1.7,1.8 userinfo-passwd.c,1.7,1.8 userinfo-passwd.h,1.4,1.5 userinfo-shadow.c,1.6,1.7 userinfo-vpopmail.c,1.7,1.8
cras at procontrol.fi
cras at procontrol.fi
Wed Dec 18 12:40:46 EET 2002
Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv7352/auth
Modified Files:
auth-plain.c login-connection.c userinfo-pam.c
userinfo-passwd.c userinfo-passwd.h userinfo-shadow.c
userinfo-vpopmail.c
Log Message:
Added safe_memset() which guarantees that compiler optimizations don't
optimize it away. Not that we really need to clear the passwords from
memory, but won't hurt much either :)
Index: auth-plain.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/auth-plain.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- auth-plain.c 8 Dec 2002 05:23:07 -0000 1.5
+++ auth-plain.c 18 Dec 2002 10:40:43 -0000 1.6
@@ -1,6 +1,7 @@
/* Copyright (C) 2002 Timo Sirainen */
#include "common.h"
+#include "safe-memset.h"
#include "auth.h"
#include "cookie.h"
#include "userinfo.h"
@@ -49,7 +50,7 @@
if (*pass != '\0') {
/* make sure it's cleared */
- memset(pass, 0, strlen(pass));
+ safe_memset(pass, 0, strlen(pass));
}
}
Index: login-connection.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/login-connection.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- login-connection.c 6 Dec 2002 01:09:22 -0000 1.8
+++ login-connection.c 18 Dec 2002 10:40:43 -0000 1.9
@@ -5,6 +5,7 @@
#include "istream.h"
#include "ostream.h"
#include "network.h"
+#include "safe-memset.h"
#include "login-connection.h"
#include <stdlib.h>
@@ -106,7 +107,7 @@
conn->type = AUTH_REQUEST_NONE;
/* clear any sensitive data from memory */
- memset(data + sizeof(request), 0, request.data_size);
+ safe_memset(data + sizeof(request), 0, request.data_size);
} else {
/* unknown request */
i_error("BUG: imap-login sent us unknown request %u",
Index: userinfo-pam.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-pam.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- userinfo-pam.c 26 Nov 2002 20:55:44 -0000 1.7
+++ userinfo-pam.c 18 Dec 2002 10:40:43 -0000 1.8
@@ -125,8 +125,8 @@
while (--i >= 0) {
if ((*resp)[i].resp == NULL)
continue;
- memset((*resp)[i].resp, 0,
- strlen((*resp)[i].resp));
+ safe_memset((*resp)[i].resp, 0,
+ strlen((*resp)[i].resp));
free((*resp)[i].resp);
(*resp)[i].resp = NULL;
}
@@ -201,7 +201,7 @@
if (pw == NULL)
return FALSE;
- memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+ safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
passwd_fill_cookie_reply(pw, reply);
return TRUE;
}
Index: userinfo-passwd.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- userinfo-passwd.c 17 Dec 2002 03:00:44 -0000 1.7
+++ userinfo-passwd.c 18 Dec 2002 10:40:43 -0000 1.8
@@ -43,8 +43,8 @@
result = strcmp(mycrypt(passdup, pw->pw_passwd), pw->pw_passwd) == 0;
/* clear the passwords from memory */
- memset(passdup, 0, strlen(passdup));
- memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+ safe_memset(passdup, 0, strlen(passdup));
+ safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
if (!result)
return FALSE;
Index: userinfo-passwd.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd.h,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- userinfo-passwd.h 26 Nov 2002 17:56:14 -0000 1.4
+++ userinfo-passwd.h 18 Dec 2002 10:40:43 -0000 1.5
@@ -2,6 +2,7 @@
#define __USERINFO_PASSWD_H
#include "common.h"
+#include "safe-memset.h"
#include "userinfo.h"
#include <pwd.h>
Index: userinfo-shadow.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-shadow.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- userinfo-shadow.c 26 Nov 2002 17:56:14 -0000 1.6
+++ userinfo-shadow.c 18 Dec 2002 10:40:43 -0000 1.7
@@ -32,8 +32,8 @@
result = strcmp(mycrypt(passdup, spw->sp_pwdp), spw->sp_pwdp) == 0;
/* clear the passwords from memory */
- memset(passdup, 0, strlen(passdup));
- memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));
+ safe_memset(passdup, 0, strlen(passdup));
+ safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));
if (!result)
return FALSE;
Index: userinfo-vpopmail.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-vpopmail.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- userinfo-vpopmail.c 17 Dec 2002 03:00:44 -0000 1.7
+++ userinfo-vpopmail.c 18 Dec 2002 10:40:43 -0000 1.8
@@ -80,8 +80,8 @@
passdup = t_strdup_noconst(password);
result = strcmp(crypt(passdup, vpw->pw_passwd), vpw->pw_passwd) == 0;
- memset(passdup, 0, strlen(passdup));
- memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd));
+ safe_memset(passdup, 0, strlen(passdup));
+ safe_memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd));
if (!result) {
I_DEBUG(("vpopmail: password mismatch for user %s@%s",
More information about the dovecot-cvs
mailing list