Obscure the passwd.

Alain Magloire
Commit 16fc6fbc ... 16fc6fbc7eae3624cad89a02a58f6a14e1a5dcbd authored 2003-10-07 01:38:59 +0000 by Alain Magloire
Showing 2 changed files with 7 additions and 1 deletions
mailbox/pop/pop3_apop.c
mailbox/pop/pop3_pass.c
--- a/mailbox/pop/pop3_apop.c
View file @16fc6fb
+++ b/mailbox/pop/pop3_apop.c
View file @16fc6fb
@@ -69,6 +69,8 @@ mu_pop3_apop (mu_pop3_t pop3, const char *user, const char *secret)
 	*tmp = '\0';
 	status = mu_pop3_writeline (pop3, "APOP %s %s\r\n", user, digest);
+	/* Obscure the digest, for security reasons.  */
+	memset (digest, '\0', sizeof digest);
 	MU_POP3_CHECK_ERROR (pop3, status);
 	mu_pop3_debug_cmd (pop3);
 	pop3->state = MU_POP3_APOP;
@@ -77,6 +79,8 @@ mu_pop3_apop (mu_pop3_t pop3, const char *user, const char *secret)
    case MU_POP3_APOP:
      status = mu_pop3_send (pop3);
      MU_POP3_CHECK_EAGAIN (pop3, status);
+      /* Obscure the digest, for security reasons.  */
+      memset (pop3->io.buf, '\0', pop3->io.len);
      pop3->acknowledge = 0;
      pop3->state = MU_POP3_APOP_ACK;
--- a/mailbox/pop/pop3_pass.c
View file @16fc6fb
+++ b/mailbox/pop/pop3_pass.c
View file @16fc6fb
 /* GNU Mailutils -- a suite of utilities for electronic mail
-   Copyright (C) 1999, 2000, 2001 Free Software Foundation, Inc.
+   Copyright (C) 2003 Free Software Foundation, Inc.
   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
@@ -42,6 +42,8 @@ mu_pop3_pass (mu_pop3_t pop3, const char *passwd)
    case MU_POP3_PASS:
      status = mu_pop3_send (pop3);
      MU_POP3_CHECK_EAGAIN (pop3, status);
+      /* Obscure the passwd.  */
+      memset (pop3->io.buf, '\0', pop3->io.len);
      pop3->acknowledge = 0;
      pop3->state = MU_POP3_PASS_ACK;