From 750be17704654f93a16ef4fc36405ba3abb5f493 Mon Sep 17 00:00:00 2001
From: Curtis McEnroe <june@causal.agency>
Date: Thu, 31 Oct 2019 17:45:02 -0400
Subject: Clear passwords from memory with memset_s

---
 bounce.c | 9 +++++++--
 state.c  | 3 +++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/bounce.c b/bounce.c
index aa1cecc..cc6b34f 100644
--- a/bounce.c
+++ b/bounce.c
@@ -14,6 +14,8 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#define __STDC_WANT_LIB_EXT1__ 1
+
 #include <assert.h>
 #include <err.h>
 #include <errno.h>
@@ -107,8 +109,8 @@ int main(int argc, char *argv[]) {
 	bool insecure = false;
 	const char *host = NULL;
 	const char *port = "6697";
-	const char *pass = NULL;
-	const char *auth = NULL;
+	char *pass = NULL;
+	char *auth = NULL;
 	const char *nick = NULL;
 	const char *user = NULL;
 	const char *real = NULL;
@@ -195,6 +197,9 @@ int main(int argc, char *argv[]) {
 
 	int server = serverConnect(insecure, host, port);
 	stateLogin(pass, auth, nick, user, real);
+	if (pass) memset_s(pass, strlen(pass), 0, strlen(pass));
+	if (auth) memset_s(auth, strlen(auth), 0, strlen(auth));
+
 	while (!stateReady()) serverRecv();
 	serverFormat("AWAY :%s\r\n", away);
 	if (join) serverFormat("JOIN :%s\r\n", join);
diff --git a/state.c b/state.c
index 50afb26..37df845 100644
--- a/state.c
+++ b/state.c
@@ -14,6 +14,8 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#define __STDC_WANT_LIB_EXT1__ 1
+
 #include <assert.h>
 #include <err.h>
 #include <stdbool.h>
@@ -99,6 +101,7 @@ static void handleAuthenticate(struct Message *msg) {
 	(void)msg;
 	if (!plainBase64) errx(EX_PROTOCOL, "unsolicited AUTHENTICATE");
 	serverFormat("AUTHENTICATE %s\r\n", plainBase64);
+	memset_s(plainBase64, strlen(plainBase64), 0, strlen(plainBase64));
 	free(plainBase64);
 	plainBase64 = NULL;
 }
-- 
cgit 1.4.1

gi'/><input type='hidden' name='id' value='b2ad77d0be34b7cbfd5dd9dcc55c3c93811edbc6'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/torus/log/?h=cgi&amp;id=b2ad77d0be34b7cbfd5dd9dcc55c3c93811edbc6&amp;follow=1'>root</a>/<a href='/torus/log/torus.h?h=cgi&amp;id=b2ad77d0be34b7cbfd5dd9dcc55c3c93811edbc6&amp;follow=1'>torus.h</a> (<a href='/torus/log/torus.h?h=cgi&amp;id=b2ad77d0be34b7cbfd5dd9dcc55c3c93811edbc6'>unfollow</a>)</div><div class='content'><table class='list nowrap'><tr class='nohover'><th></th><th class='left'>Commit message (<a href='/torus/log/torus.h?h=cgi&amp;id=b2ad77d0be34b7cbfd5dd9dcc55c3c93811edbc6&amp;showmsg=1&amp;follow=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2018-04-09 01:00:54 -0400'>2018-04-09</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=b2ad77d0be34b7cbfd5dd9dcc55c3c93811edbc6&amp;follow=1'>Replace #define with enum or const where possible</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2018-03-31 22:05:47 -0400'>2018-03-31</span></td><td><a href='/torus/commit/Makefile?h=cgi&amp;id=5273386983f8579f8fe8ba2d54daaacb4cb0d0a4&amp;follow=1'>Link against ncurses</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2018-03-05 12:58:58 -0500'>2018-03-05</span></td><td><a href='/torus/commit/server.c?h=cgi&amp;id=a7339f0e1edff37a532c459ce6467f16749383d6&amp;follow=1'>Miscellaneous code cleanup</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2018-03-05 12:58:18 -0500'>2018-03-05</span></td><td><a href='/torus/commit/server.c?h=cgi&amp;id=a3f0e073afa6e5ae84829e8b655afbff19e23a0e&amp;follow=1'>Pass message structs by value</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2018-03-05 12:55:46 -0500'>2018-03-05</span></td><td><a href='/torus/commit/meta.c?h=cgi&amp;id=02bb28d98b614303f4a0dbcc4ea2f327ac46ed80&amp;follow=1'>Use stdio in merge and meta</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2018-03-05 12:55:18 -0500'>2018-03-05</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=8a4618a20339ed233cc5e5a6a4e32c4344f97c1c&amp;follow=1'>Clean up spawn constants</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2018-03-05 12:54:26 -0500'>2018-03-05</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=737c28c63c525fcc033bd9f0adb36e2c65d9f6a8&amp;follow=1'>Rename Tile timestamps {create,modify,access}Time</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2018-03-05 12:45:17 -0500'>2018-03-05</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=f883e5bf73cc11f545ef5a72cbebf8f2aeea69da&amp;follow=1'>Pack message type enums</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2018-03-05 12:39:40 -0500'>2018-03-05</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=456b632b849de3a9615ef17b51cf27046234f6f4&amp;follow=1'>Undef COLOR_ constants in torus.h</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2018-03-05 12:37:52 -0500'>2018-03-05</span></td><td><a href='/torus/commit/Makefile?h=cgi&amp;id=6f067e41c8163982310546246a5d5b64457f078f&amp;follow=1'>Generate tags</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-10-03 12:32:05 -0400'>2017-10-03</span></td><td><a href='/torus/commit/Makefile?h=cgi&amp;id=482b094a794c56a2052be81fdb50d3da1e87d15d&amp;follow=1'>Simplify Makefile with pattern rule</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-09-27 15:28:16 -0400'>2017-09-27</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=e3604c1fe2a8cf89e5d9d1e2919da103127af2dd&amp;follow=1'>Remove leading blank lines</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-09-27 15:25:58 -0400'>2017-09-27</span></td><td><a href='/torus/commit/README?h=cgi&amp;id=484c8a39e1cec59144babfcc0466c69557e5030b&amp;follow=1'>Add merge.c to README</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-09-03 15:34:21 -0400'>2017-09-03</span></td><td><a href='/torus/commit/server.c?h=cgi&amp;id=811419e17b70f93cb85fc26c9b7227f53349a7a7&amp;follow=1'>Assert client coords are valid after movement</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-09-03 14:57:17 -0400'>2017-09-03</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=7a95cab1c4f9bd8abfc721af63b7a33096d8dfb9&amp;follow=1'>Relicense AGPL</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-09-01 13:55:48 -0400'>2017-09-01</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=fbb416f2bdd9dedcbc7b4471af335e2b65331953&amp;follow=1'>Revert "Add client readOnly mode"</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-09-01 12:33:54 -0400'>2017-09-01</span></td><td><a href='/torus/commit/server.c?h=cgi&amp;id=0dae2c10c7db909964d0c00607e983c1fc9db978&amp;follow=1'>Remove clientRemove call from clientCast</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-09-01 00:08:07 -0400'>2017-09-01</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=34f25ae40a3db9369e9d98b3814f2b93bbc21451&amp;follow=1'>Add client readOnly mode</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-08-31 15:37:36 -0400'>2017-08-31</span></td><td><a href='/torus/commit/merge.c?h=cgi&amp;id=aa81ed84fc03060ea270766427d9e3232d130855&amp;follow=1'>Clean up merge tool</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-08-31 13:45:12 -0400'>2017-08-31</span></td><td><a href='/torus/commit/merge.c?h=cgi&amp;id=cf94e1b5a227b0a64eae2de78884c14b44dada6b&amp;follow=1'>Choose B for tiles with equal modify times</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-08-31 01:00:02 -0400'>2017-08-31</span></td><td><a href='/torus/commit/merge.c?h=cgi&amp;id=ccf62ec6e3bbf785928962223221eefc8cfef653&amp;follow=1'>Add quick data file merge tool</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-08-30 11:16:22 -0400'>2017-08-30</span></td><td><a href='/torus/commit/client.c?h=cgi&amp;id=3a556f5f020d627e40b002be5370799f411e7869&amp;follow=1'>Use only foreground color for selecting spawn</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-08-29 18:33:59 -0400'>2017-08-29</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=931289b9c11fbf1ba61442f83b3199e44bebaaf2&amp;follow=1'>Add four additional spawns</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-08-28 23:38:40 -0400'>2017-08-28</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=66761cd30ee1da5b820c89c38fac6caf42fbe715&amp;follow=1'>Add respawning</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-08-26 23:46:14 -0400'>2017-08-26</span></td><td><a href='/torus/commit/torus.h?h=cgi&amp;id=0fd1719a5de2fa9ca11f57564ee55cf0608bce16&amp;follow=1'>Move license above includes</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-08-26 19:32:55 -0400'>2017-08-26</span></td><td><a href='/torus/commit/snapshot.sh?h=cgi&amp;id=49c49d4646aba28e1b92681af2e7f476607f5c7b&amp;follow=1'>Snapshot metadata</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-08-26 16:51:14 -0400'>2017-08-26</span></td><td><a href='/torus/commit/README?h=cgi&amp;id=77c3f17ae4e84fb83c6656f1b8496958f573a44b&amp;follow=1'>Add meta.c to README</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2017-08-26 16:47:57 -0400'>2017-08-26</span></td><td><a href='/torus/commit/server.c?h=cgi&amp;id=c1eee615c85ef9aebbb1b86b372535e61ca8d6ce&amp;follow=1'>Use Makefile</a></td><td>June McEnroe