From 50bd0948564c64d76acebf8f6c5b4f3ef7b6b4fc Mon Sep 17 00:00:00 2001
From: Nicholas Marriott <nicm@openbsd.org>
Date: Thu, 4 Jun 2009 21:43:24 +0000
Subject: If the prompt is hidden or a password is sent with -U, zero it before
 freeing it.

---
 status.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'status.c')

diff --git a/status.c b/status.c
index dae0d5c4..98061dd0 100644
--- a/status.c
+++ b/status.c
@@ -597,6 +597,8 @@ status_prompt_clear(struct client *c)
 	xfree(c->prompt_string);
 	c->prompt_string = NULL;
 
+	if (c->prompt_flags & PROMPT_HIDDEN)
+		memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));
 	xfree(c->prompt_buffer);
 	c->prompt_buffer = NULL;
 
@@ -794,6 +796,8 @@ status_prompt_key(struct client *c, int key)
 
 		if (ARRAY_LENGTH(&c->prompt_hdata) == 0)
 			break;
+		if (c->prompt_flags & PROMPT_HIDDEN)
+			memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));
 	       	xfree(c->prompt_buffer);
 
 		c->prompt_buffer = xstrdup(ARRAY_ITEM(&c->prompt_hdata,
@@ -808,6 +812,8 @@ status_prompt_key(struct client *c, int key)
 		if (server_locked)
 			break;
 
+		if (c->prompt_flags & PROMPT_HIDDEN)
+			memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));
 		xfree(c->prompt_buffer);
 
 		if (c->prompt_hindex != 0) {
-- 
cgit