From 418128bebc5b8025d195f20bccbf618a8b0848d4 Mon Sep 17 00:00:00 2001
From: Nicholas Marriott
Date: Thu, 25 Jun 2009 15:55:34 +0000
Subject: [PATCH] If the prompt is hidden or a password is sent with -U, zero it before freeing it.
---
 server-msg.c | 7 ++++---
 status.c | 8 +++++++-
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/server-msg.c b/server-msg.c
index 87a8d68a..af96c07e 100644
--- a/server-msg.c
+++ b/server-msg.c
@@ -1,4 +1,4 @@
-/* $Id: server-msg.c,v 1.66 2009-05-04 17:58:27 nicm Exp $ */
+/* $OpenBSD: server-msg.c,v 1.2 2009/06/04 21:43:24 nicm Exp $ */
 /*
 * Copyright (c) 2007 Nicholas Marriott
@@ -278,13 +278,14 @@ server_msg_fn_unlock(struct hdr *hdr, struct client *c)
 if (server_unlock(pass) != 0) {
 #define MSG "bad password"
 server_write_client(c, MSG_ERROR, MSG, (sizeof MSG) - 1);
- server_write_client(c, MSG_EXIT, NULL, 0);
- return (0);
 #undef MSG
 }
 server_write_client(c, MSG_EXIT, NULL, 0);
+ memset(pass, 0, strlen(pass));
+ xfree(pass);
+
 return (0);
 }
diff --git a/status.c b/status.c
index bdff0467..0200cfae 100644
--- a/status.c
+++ b/status.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: status.c,v 1.3 2009/06/03 16:54:26 nicm Exp $ */
+/* $OpenBSD: status.c,v 1.4 2009/06/04 21:43:24 nicm Exp $ */
 /*
 * Copyright (c) 2007 Nicholas Marriott
@@ -597,6 +597,8 @@ status_prompt_clear(struct client *c)
 xfree(c->prompt_string);
 c->prompt_string = NULL;
+ if (c->prompt_flags & PROMPT_HIDDEN)
+ memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));
 xfree(c->prompt_buffer);
 c->prompt_buffer = NULL;
@@ -794,6 +796,8 @@ status_prompt_key(struct client *c, int key)
 if (ARRAY_LENGTH(&c->prompt_hdata) == 0)
 break;
+ if (c->prompt_flags & PROMPT_HIDDEN)
+ memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));
 xfree(c->prompt_buffer);
 c->prompt_buffer = xstrdup(ARRAY_ITEM(&c->prompt_hdata,
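Review bot: In the `server_msg_fn_unlock` hunk of server-msg.c, `memset(pass, 0, strlen(pass));` sits directly before `xfree(pass)`, so it writes to memory that is never read again and an optimizing compiler is allowed to drop it (more likely if `xfree` is inlined or the build uses link-time optimization). Where the platform provides it, `explicit_bzero(pass, strlen(pass));` keeps the wipe; otherwise store the zeroes through a `volatile unsigned char *`. The same memset-then-xfree pattern is added in `status_prompt_clear` and twice in `status_prompt_key` in status.c. The function starts outside the hunk, so how `pass` is filled is not visible; if it is copied out of a receive buffer, that source copy would need the same treatment.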
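Review bot: The guard `if (c->prompt_flags & PROMPT_HIDDEN) memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));` added in `status_prompt_clear` is pasted verbatim into both `status_prompt_key` hunks, so the wipe now lives in three places with no comment saying why it exists. A single static helper called before each `xfree(c->prompt_buffer)` would keep the wiping primitive in one spot and document it; a sketch follows, with each call site reduced to `status_prompt_wipe(c);`. `status_prompt_clear` begins outside the hunk, so it is assumed that `prompt_flags` still carries `PROMPT_HIDDEN` when this line runs.

```c
/* Zero a hidden prompt's text so the secret does not stay in freed memory. */
static void
status_prompt_wipe(struct client *c)
{
	if (c->prompt_flags & PROMPT_HIDDEN)
		memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));
}

/* … unchanged: xfree(c->prompt_string) and its NULL assignment … */
	status_prompt_wipe(c);
	xfree(c->prompt_buffer);
```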
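Review bot: In `status_prompt_key` the wipe covers only the two history branches where the buffer is freed and replaced (this hunk and the one at -808), while the code that appends typed characters lies outside both hunks. If that code grows `prompt_buffer` with a reallocating call, a moved allocation would leave an unwiped copy of a hidden prompt in freed memory. That path should be checked; if it reallocates, hidden prompts need an allocate, copy, wipe, free sequence there. A comment such as `/* hidden prompt: buffer must be wiped wherever it is freed or reallocated */` at the first wipe site would record the invariant.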
@@ -808,6 +812,8 @@ status_prompt_key(struct client *c, int key)
 if (server_locked)
 break;
+ if (c->prompt_flags & PROMPT_HIDDEN)
+ memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));
 xfree(c->prompt_buffer);
 if (c->prompt_hindex != 0) {