diff options
| author | June McEnroe <june@causal.agency> | 2019-10-31 19:04:43 -0400 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2019-10-31 19:04:43 -0400 |
| commit | c4404762701c7073e1f85d7f89834b5ddd59e749 (patch) | |
| tree | bbe1d574587f2e6d5841d2c49fb7eb4018839eef /state.c | |
| parent | Send clients their own QUIT on shutdown (diff) | |
| download | pounce-c4404762701c7073e1f85d7f89834b5ddd59e749.tar.gz pounce-c4404762701c7073e1f85d7f89834b5ddd59e749.zip | |
Use explicit_bzero to clear passwords
GNU doesn't implement memset_s, but both FreeBSD and GNU implement explicit_bzero. Darwin doesn't, so #define it in terms of memset_s.
Diffstat (limited to 'state.c')
| -rw-r--r-- | state.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/state.c b/state.c index 37df845..c980ad7 100644 --- a/state.c +++ b/state.c @@ -14,7 +14,7 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#define __STDC_WANT_LIB_EXT1__ 1 +#include "bounce.h" #include <assert.h> #include <err.h> @@ -22,10 +22,9 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <strings.h> #include <sysexits.h> -#include "bounce.h" - typedef void Handler(struct Message *msg); static void require(const struct Message *msg, bool origin, size_t len) { @@ -101,7 +100,7 @@ static void handleAuthenticate(struct Message *msg) { (void)msg; if (!plainBase64) errx(EX_PROTOCOL, "unsolicited AUTHENTICATE"); serverFormat("AUTHENTICATE %s\r\n", plainBase64); - memset_s(plainBase64, strlen(plainBase64), 0, strlen(plainBase64)); + explicit_bzero(plainBase64, strlen(plainBase64)); free(plainBase64); plainBase64 = NULL; } |