summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--imap/src/c-client/auth_md5.c12
-rw-r--r--pith/pine.hlp2
2 files changed, 9 insertions, 5 deletions
diff --git a/imap/src/c-client/auth_md5.c b/imap/src/c-client/auth_md5.c
index d4e7024b..d12fd299 100644
--- a/imap/src/c-client/auth_md5.c
+++ b/imap/src/c-client/auth_md5.c
@@ -113,11 +113,12 @@ long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
ret = LONGT; /* will get a BAD response back */
}
else { /* got password, build response */
- sprintf (pwd,"%.65s %.33s",user,hmac_md5 (hshbuf,challenge,clen,
+ char tmp[128];
+ sprintf (tmp,"%.65s %.33s",user,hmac_md5 (hshbuf,challenge,clen,
pwd,strlen (pwd)));
fs_give ((void **) &challenge);
/* send credentials, allow retry if OK */
- if ((*responder) (stream,pwd,strlen (pwd))) {
+ if ((*responder) (stream,tmp,strlen (tmp))) {
if ((challenge = (*challenger) (stream,&clen)) != NULL)
fs_give ((void **) &challenge);
else {
@@ -125,10 +126,13 @@ long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
ret = LONGT; /* check the authentication */
}
}
- fs_give((void **) &pwd);
+ memset((void *) tmp, 0, sizeof(tmp));
}
}
- if(pwd) fs_give((void **) &pwd);
+ if(pwd){
+ memset((void *) pwd, 0, strlen(pwd));
+ fs_give((void **) &pwd);
+ }
if (!ret) *trial = 65535; /* don't retry if bad protocol */
return ret;
}
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 4cf8c611..ae722708 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 338 2019-05-07 20:47:22
+Alpine Commit 339 2019-05-08 16:04:25
============= h_news =================
<HTML>
<HEAD>