If the prompt is hidden or a password is sent with -U, zero it before freeing

it.
This commit is contained in:
Nicholas Marriott 2009-06-25 15:55:34 +00:00
parent 63b38ef628
commit 418128bebc
2 changed files with 11 additions and 4 deletions

View File

@ -1,4 +1,4 @@
/* $Id: server-msg.c,v 1.66 2009-05-04 17:58:27 nicm Exp $ */ /* $OpenBSD: server-msg.c,v 1.2 2009/06/04 21:43:24 nicm Exp $ */
/* /*
* Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net> * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@ -278,13 +278,14 @@ server_msg_fn_unlock(struct hdr *hdr, struct client *c)
if (server_unlock(pass) != 0) { if (server_unlock(pass) != 0) {
#define MSG "bad password" #define MSG "bad password"
server_write_client(c, MSG_ERROR, MSG, (sizeof MSG) - 1); server_write_client(c, MSG_ERROR, MSG, (sizeof MSG) - 1);
server_write_client(c, MSG_EXIT, NULL, 0);
return (0);
#undef MSG #undef MSG
} }
server_write_client(c, MSG_EXIT, NULL, 0); server_write_client(c, MSG_EXIT, NULL, 0);
memset(pass, 0, strlen(pass));
xfree(pass);
return (0); return (0);
} }

View File

@ -1,4 +1,4 @@
/* $OpenBSD: status.c,v 1.3 2009/06/03 16:54:26 nicm Exp $ */ /* $OpenBSD: status.c,v 1.4 2009/06/04 21:43:24 nicm Exp $ */
/* /*
* Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net> * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@ -597,6 +597,8 @@ status_prompt_clear(struct client *c)
xfree(c->prompt_string); xfree(c->prompt_string);
c->prompt_string = NULL; c->prompt_string = NULL;
if (c->prompt_flags & PROMPT_HIDDEN)
memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));
xfree(c->prompt_buffer); xfree(c->prompt_buffer);
c->prompt_buffer = NULL; c->prompt_buffer = NULL;
@ -794,6 +796,8 @@ status_prompt_key(struct client *c, int key)
if (ARRAY_LENGTH(&c->prompt_hdata) == 0) if (ARRAY_LENGTH(&c->prompt_hdata) == 0)
break; break;
if (c->prompt_flags & PROMPT_HIDDEN)
memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));
xfree(c->prompt_buffer); xfree(c->prompt_buffer);
c->prompt_buffer = xstrdup(ARRAY_ITEM(&c->prompt_hdata, c->prompt_buffer = xstrdup(ARRAY_ITEM(&c->prompt_hdata,
@ -808,6 +812,8 @@ status_prompt_key(struct client *c, int key)
if (server_locked) if (server_locked)
break; break;
if (c->prompt_flags & PROMPT_HIDDEN)
memset(c->prompt_buffer, 0, strlen(c->prompt_buffer));
xfree(c->prompt_buffer); xfree(c->prompt_buffer);
if (c->prompt_hindex != 0) { if (c->prompt_hindex != 0) {