If the prompt is hidden or a password is sent with -U, zero it before freeing

it.
author: Nicholas Marriott <nicholas.marriott@gmail.com> 2009-06-25 15:55:34 +0000
committer: Nicholas Marriott <nicholas.marriott@gmail.com> 2009-06-25 15:55:34 +0000
commit: 418128bebc5b8025d195f20bccbf618a8b0848d4 (patch)
tree: e18a4f1f34fb8b22856d82382c00007abf69e4ef /server-msg.c
parent: 63b38ef62818462fa9b885b3a2ff056bdbd30773 (diff)
download: rtmux-418128bebc5b8025d195f20bccbf618a8b0848d4.tar.gz
rtmux-418128bebc5b8025d195f20bccbf618a8b0848d4.tar.bz2
rtmux-418128bebc5b8025d195f20bccbf618a8b0848d4.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/server-msg.c b/server-msg.c
index 87a8d68a..af96c07e 100644
--- a/server-msg.c
+++ b/server-msg.c
@@ -1,4 +1,4 @@
-/* $Id: server-msg.c,v 1.66 2009-05-04 17:58:27 nicm Exp $ */
+/* $OpenBSD: server-msg.c,v 1.2 2009/06/04 21:43:24 nicm Exp $ */
 
 /*
  * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@@ -278,13 +278,14 @@ server_msg_fn_unlock(struct hdr *hdr, struct client *c)
 	if (server_unlock(pass) != 0) {
 #define MSG "bad password"
 		server_write_client(c, MSG_ERROR, MSG, (sizeof MSG) - 1);
-		server_write_client(c, MSG_EXIT, NULL, 0);
-		return (0);
 #undef MSG
 	}
 
 	server_write_client(c, MSG_EXIT, NULL, 0);
 
+	memset(pass, 0, strlen(pass));
+	xfree(pass);
+
 	return (0);
 }
author	Nicholas Marriott <nicholas.marriott@gmail.com>	2009-06-25 15:55:34 +0000
committer	Nicholas Marriott <nicholas.marriott@gmail.com>	2009-06-25 15:55:34 +0000
commit	418128bebc5b8025d195f20bccbf618a8b0848d4 (patch)
tree	e18a4f1f34fb8b22856d82382c00007abf69e4ef /server-msg.c
parent	63b38ef62818462fa9b885b3a2ff056bdbd30773 (diff)
download	rtmux-418128bebc5b8025d195f20bccbf618a8b0848d4.tar.gz rtmux-418128bebc5b8025d195f20bccbf618a8b0848d4.tar.bz2 rtmux-418128bebc5b8025d195f20bccbf618a8b0848d4.zip