From 9c643efab52eef907c6e8a482d95fa1a1952e73b Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Mon, 4 Nov 2019 18:50:54 -0500
Subject: Zero PASS parameter

---
 client.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'client.c')

diff --git a/client.c b/client.c
index 35faa4b..79f55ae 100644
--- a/client.c
+++ b/client.c
@@ -23,6 +23,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <strings.h>
 #include <sysexits.h>
 #include <tls.h>
 #include <unistd.h>
@@ -127,7 +128,7 @@ static void handleUser(struct Client *client, struct Message *msg) {
 static void handlePass(struct Client *client, struct Message *msg) {
 	if (!clientPass) return;
 	if (!msg->params[0]) {
-		passRequired(client);
+		client->error = true;
 		return;
 	}
 	if (!strcmp(crypt(msg->params[0], clientPass), clientPass)) {
@@ -136,6 +137,7 @@ static void handlePass(struct Client *client, struct Message *msg) {
 	} else {
 		passRequired(client);
 	}
+	explicit_bzero(msg->params[0], strlen(msg->params[0]));
 }
 
 static void handleCap(struct Client *client, struct Message *msg) {
-- 
cgit 1.4.1