[dovecot-cvs] dovecot/src/auth auth-plain.c,1.5,1.6 login-connection.c,1.8,1.9 userinfo-pam.c,1.7,1.8 userinfo-passwd.c,1.7,1.8 userinfo-passwd.h,1.4,1.5 userinfo-shadow.c,1.6,1.7 userinfo-vpopmail.c,1.7,1.8

[cras at procontrol.fi]

Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv7352/auth

Modified Files:
	auth-plain.c login-connection.c userinfo-pam.c 
	userinfo-passwd.c userinfo-passwd.h userinfo-shadow.c 
	userinfo-vpopmail.c 
Log Message:
Added safe_memset() which guarantees that compiler optimizations don't
optimize it away. Not that we really need to clear the passwords from
memory, but won't hurt much either :)



Index: auth-plain.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/auth-plain.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- auth-plain.c	8 Dec 2002 05:23:07 -0000	1.5
+++ auth-plain.c	18 Dec 2002 10:40:43 -0000	1.6
@@ -1,6 +1,7 @@
 /* Copyright (C) 2002 Timo Sirainen */
 
 #include "common.h"
+#include "safe-memset.h"
 #include "auth.h"
 #include "cookie.h"
 #include "userinfo.h"
@@ -49,7 +50,7 @@
 
 		if (*pass != '\0') {
 			/* make sure it's cleared */
-			memset(pass, 0, strlen(pass));
+			safe_memset(pass, 0, strlen(pass));
 		}
 	}
 

Index: login-connection.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/login-connection.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- login-connection.c	6 Dec 2002 01:09:22 -0000	1.8
+++ login-connection.c	18 Dec 2002 10:40:43 -0000	1.9
@@ -5,6 +5,7 @@
 #include "istream.h"
 #include "ostream.h"
 #include "network.h"
+#include "safe-memset.h"
 #include "login-connection.h"
 
 #include <stdlib.h>
@@ -106,7 +107,7 @@
 		conn->type = AUTH_REQUEST_NONE;
 
 		/* clear any sensitive data from memory */
-		memset(data + sizeof(request), 0, request.data_size);
+		safe_memset(data + sizeof(request), 0, request.data_size);
 	} else {
 		/* unknown request */
 		i_error("BUG: imap-login sent us unknown request %u",

Index: userinfo-pam.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-pam.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- userinfo-pam.c	26 Nov 2002 20:55:44 -0000	1.7
+++ userinfo-pam.c	18 Dec 2002 10:40:43 -0000	1.8
@@ -125,8 +125,8 @@
 			while (--i >= 0) {
 				if ((*resp)[i].resp == NULL)
 					continue;
-				memset((*resp)[i].resp, 0,
-				       strlen((*resp)[i].resp));
+				safe_memset((*resp)[i].resp, 0,
+					    strlen((*resp)[i].resp));
 				free((*resp)[i].resp);
 				(*resp)[i].resp = NULL;
 			}
@@ -201,7 +201,7 @@
 	if (pw == NULL)
 		return FALSE;
 
-	memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+	safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
 	passwd_fill_cookie_reply(pw, reply);
 	return TRUE;
 }

Index: userinfo-passwd.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- userinfo-passwd.c	17 Dec 2002 03:00:44 -0000	1.7
+++ userinfo-passwd.c	18 Dec 2002 10:40:43 -0000	1.8
@@ -43,8 +43,8 @@
 	result = strcmp(mycrypt(passdup, pw->pw_passwd), pw->pw_passwd) == 0;
 
 	/* clear the passwords from memory */
-	memset(passdup, 0, strlen(passdup));
-	memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+	safe_memset(passdup, 0, strlen(passdup));
+	safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
 
 	if (!result)
 		return FALSE;

Index: userinfo-passwd.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd.h,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- userinfo-passwd.h	26 Nov 2002 17:56:14 -0000	1.4
+++ userinfo-passwd.h	18 Dec 2002 10:40:43 -0000	1.5
@@ -2,6 +2,7 @@
 #define __USERINFO_PASSWD_H
 
 #include "common.h"
+#include "safe-memset.h"
 #include "userinfo.h"
 
 #include <pwd.h>

Index: userinfo-shadow.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-shadow.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- userinfo-shadow.c	26 Nov 2002 17:56:14 -0000	1.6
+++ userinfo-shadow.c	18 Dec 2002 10:40:43 -0000	1.7
@@ -32,8 +32,8 @@
 	result = strcmp(mycrypt(passdup, spw->sp_pwdp), spw->sp_pwdp) == 0;
 
 	/* clear the passwords from memory */
-	memset(passdup, 0, strlen(passdup));
-	memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));
+	safe_memset(passdup, 0, strlen(passdup));
+	safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));
 
 	if (!result)
 		return FALSE;

Index: userinfo-vpopmail.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-vpopmail.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- userinfo-vpopmail.c	17 Dec 2002 03:00:44 -0000	1.7
+++ userinfo-vpopmail.c	18 Dec 2002 10:40:43 -0000	1.8
@@ -80,8 +80,8 @@
         passdup = t_strdup_noconst(password);
 	result = strcmp(crypt(passdup, vpw->pw_passwd), vpw->pw_passwd) == 0;
 
-	memset(passdup, 0, strlen(passdup));
-	memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd));
+	safe_memset(passdup, 0, strlen(passdup));
+	safe_memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd));
 
 	if (!result) {
 		I_DEBUG(("vpopmail: password mismatch for user %s@%s",