[dovecot-cvs] dovecot/src/login-common login-proxy.c, 1.15, 1.16 main.c, 1.44, 1.45 master.c, 1.22, 1.23 ssl-proxy-gnutls.c, 1.14, 1.15 ssl-proxy-openssl.c, 1.53, 1.54

tss at dovecot.org tss at dovecot.org
Sun Mar 18 04:40:31 EET 2007


Update of /var/lib/cvs/dovecot/src/login-common
In directory talvi:/tmp/cvs-serv12203/login-common

Modified Files:
	login-proxy.c main.c master.c ssl-proxy-gnutls.c 
	ssl-proxy-openssl.c 
Log Message:
Set login process's default_pool to system_clean_pool. Changed some
default_pool usages to system_pool directly where the cleaning doesn't
matter.



Index: login-proxy.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/login-proxy.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- login-proxy.c	21 Jan 2007 10:35:23 -0000	1.15
+++ login-proxy.c	18 Mar 2007 02:40:28 -0000	1.16
@@ -268,7 +268,7 @@
 	proxy->context = NULL;
 
 	if (login_proxies == NULL) {
-		login_proxies = hash_create(default_pool, default_pool,
+		login_proxies = hash_create(system_pool, system_pool,
 					    0, NULL, NULL);
 	}
 	hash_insert(login_proxies, proxy, proxy);
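Review bot: Nothing at this call site records why `login_proxies` opts out of the clean pool, which matters once main.c switches `default_pool` to `system_clean_pool`. The table is created with NULL callbacks and stores the `proxy` pointer as both key and value, so its nodes presumably hold only addresses, but a later change that keeps credentials or session data in it would silently lose zero-on-free. I would add a comment above the call such as `/* nodes hold only pointers, nothing secret: plain system_pool is enough */`. The same applies to `master_requests` in master.c and to `ssl_proxies` in ssl-proxy-gnutls.c and ssl-proxy-openssl.c. The enclosing function starts and ends outside the hunk.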

Index: main.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/main.c,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -d -r1.44 -r1.45
--- main.c	18 Mar 2007 02:01:01 -0000	1.44
+++ main.c	18 Mar 2007 02:40:28 -0000	1.45
@@ -365,6 +365,12 @@
 	if (!is_inetd && getenv("GDB") == NULL)
 		fd_debug_verify_leaks(4, 1024);
 #endif
+	/* clear all allocated memory before freeing it. this makes the login
+	   processes pretty safe to reuse for new connections since the
+	   attacker won't be able to find anything interesting from the
+	   memory. */
+	default_pool = system_clean_pool;
+
 	/* NOTE: we start rooted, so keep the code minimal until
 	   restrict_access_by_env() is called */
 	lib_init();
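Review bot: The new comment promises more than the assignment delivers, because only memory allocated through `default_pool` is cleared on free. This same commit moves four hash tables to `system_pool`, and allocations made by the TLS libraries, on the data stack or in separately created pools are presumably not affected by this setting. I would reword the comment to state that scope, e.g. `/* clear memory allocated via default_pool before freeing it; other pools and library allocations are not covered */`. The assignment also sits before `lib_init()`, so it holds only if nothing in `lib_init()` resets `default_pool`, which is not visible here; the function body continues outside the hunk.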

Index: master.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/master.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- master.c	15 Mar 2007 16:52:09 -0000	1.22
+++ master.c	18 Mar 2007 02:40:28 -0000	1.23
@@ -255,7 +255,7 @@
 	main_ref();
 
 	master_fd = fd;
-	master_requests = hash_create(default_pool, default_pool,
+	master_requests = hash_create(system_pool, system_pool,
 				      0, NULL, NULL);
 
         master_pos = 0;

Index: ssl-proxy-gnutls.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/ssl-proxy-gnutls.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- ssl-proxy-gnutls.c	15 Dec 2006 18:38:23 -0000	1.14
+++ ssl-proxy-gnutls.c	18 Mar 2007 02:40:28 -0000	1.15
@@ -518,7 +518,7 @@
         gnutls_certificate_set_dh_params(x509_cred, dh_params);
         gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params);
 
-        ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
+        ssl_proxies = hash_create(system_pool, system_pool, 0, NULL, NULL);
 	ssl_initialized = TRUE;
 }
 

Index: ssl-proxy-openssl.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -d -r1.53 -r1.54
--- ssl-proxy-openssl.c	15 Mar 2007 16:52:09 -0000	1.53
+++ ssl-proxy-openssl.c	18 Mar 2007 02:40:28 -0000	1.54
@@ -747,7 +747,7 @@
 	   initialized though. */
 	(void)RAND_bytes(&buf, 1);
 
-        ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
+        ssl_proxies = hash_create(system_pool, system_pool, 0, NULL, NULL);
 	ssl_initialized = TRUE;
 }
 


