diff options
-rw-r--r-- | imap/src/c-client/auth_md5.c | 12 | ||||
-rw-r--r-- | pith/pine.hlp | 2 |
2 files changed, 9 insertions, 5 deletions
diff --git a/imap/src/c-client/auth_md5.c b/imap/src/c-client/auth_md5.c index d4e7024b..d12fd299 100644 --- a/imap/src/c-client/auth_md5.c +++ b/imap/src/c-client/auth_md5.c @@ -113,11 +113,12 @@ long auth_md5_client (authchallenge_t challenger,authrespond_t responder, ret = LONGT; /* will get a BAD response back */ } else { /* got password, build response */ - sprintf (pwd,"%.65s %.33s",user,hmac_md5 (hshbuf,challenge,clen, + char tmp[128]; + sprintf (tmp,"%.65s %.33s",user,hmac_md5 (hshbuf,challenge,clen, pwd,strlen (pwd))); fs_give ((void **) &challenge); /* send credentials, allow retry if OK */ - if ((*responder) (stream,pwd,strlen (pwd))) { + if ((*responder) (stream,tmp,strlen (tmp))) { if ((challenge = (*challenger) (stream,&clen)) != NULL) fs_give ((void **) &challenge); else { @@ -125,10 +126,13 @@ long auth_md5_client (authchallenge_t challenger,authrespond_t responder, ret = LONGT; /* check the authentication */ } } - fs_give((void **) &pwd); + memset((void *) tmp, 0, sizeof(tmp)); } } - if(pwd) fs_give((void **) &pwd); + if(pwd){ + memset((void *) pwd, 0, strlen(pwd)); + fs_give((void **) &pwd); + } if (!ret) *trial = 65535; /* don't retry if bad protocol */ return ret; } diff --git a/pith/pine.hlp b/pith/pine.hlp index 4cf8c611..ae722708 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 338 2019-05-07 20:47:22 +Alpine Commit 339 2019-05-08 16:04:25 ============= h_news ================= <HTML> <HEAD> |