On 6.7.2004, at 08:28, Andrey Panin wrote:
Problem found: client->auth_id structure passed to auth_client_request_new() isn't filled anywhere. Attached patch fixes it, it also fixes dovecot-auth crash when username is not found in userdb.
Please consider applying.
Thanks. One thing though:
safe_memset((void *) credentials, 0, strlen(credentials));
credentials parameter is a pointer given by passdb. It's const because it's not supposed to be modified as it could be a pointer to permanent location of the password, as it is with e.g. passwd-file. If it's wanted to be cleared after use, it's passdb's job. The reason why e.g. mech-plain does a safe_memset() is because it does a temporary copy of the password given by user.
I don't think all passdbs clear the passwords as much as they could, maybe I'll look one day and try to get them all cleared. Anyway, there are two reasons why the passwords are cleared:
More importantly, the plaintext passwords (and equivalents) sent by user should be cleared. The server contains only crypted versions of the password, so it's better to avoid leaking the plaintext password as much as possible. So if someone cracks the dovecot-auth, the attacker doesn't find lots of plaintext passwords lying around in process memory.
The other reason is just that it's better to avoid storing passwords into swap if possible. Although we could do better here too by using mlock(). Probably not worth the trouble.
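The ownership rule and the clearing steps discussed in this message, as an added C example that is not part of the original mail or of Dovecot's code: wipe() stands in for a safe_memset()-style helper, and passdb_lookup(), scheme_verify(), auth_plain() and the sample credential are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

/* Stand-in for a safe_memset()-style helper: stores go through a volatile
   pointer so the compiler cannot discard them as dead writes. */
static void wipe(void *data, size_t size)
{
    volatile unsigned char *p = data;
    while (size-- > 0)
        *p++ = 0;
}

/* Hypothetical passdb with permanent storage (like passwd-file): the
   returned pointer is const because the caller does not own it. */
static const char stored[] = "constructed-sample-credential";
static const char *passdb_lookup(const char *user)
{
    return strcmp(user, "alice") == 0 ? stored : NULL;
}

/* Stand-in for the password scheme check; a real passdb holds a crypted
   value and verifies through the scheme, not with strcmp(). */
static int scheme_verify(const char *plain, const char *credentials)
{
    return strcmp(plain, credentials) == 0;
}

/* Returns 1 = match, 0 = mismatch, -1 = unknown user or oversized input.
   tmp is the mechanism's own scratch buffer for the user's plaintext. */
static int auth_plain(const char *user, const char *data, size_t len,
                      char *tmp, size_t tmp_size)
{
    const char *credentials;
    int locked, ret = -1;

    if (len >= tmp_size)
        return -1;
    locked = mlock(tmp, tmp_size) == 0;  /* best effort: may hit RLIMIT_MEMLOCK */
    memcpy(tmp, data, len);              /* temporary NUL-terminated copy */
    tmp[len] = '\0';
    credentials = passdb_lookup(user);   /* may be NULL: unknown user */
    if (credentials != NULL)
        ret = scheme_verify(tmp, credentials);
    wipe(tmp, tmp_size);                 /* our copy, so our job to clear */
    if (locked)
        munlock(tmp, tmp_size);
    return ret;                          /* passdb's credentials left untouched */
}
```

The temporary copy is wiped on every path past the size check, while the const pointer returned by the passdb is only read, so a later lookup still sees the stored value.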