From 750be17704654f93a16ef4fc36405ba3abb5f493 Mon Sep 17 00:00:00 2001
From: Curtis McEnroe <june@causal.agency>
Date: Thu, 31 Oct 2019 17:45:02 -0400
Subject: Clear passwords from memory with memset_s

---
 state.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'state.c')

diff --git a/state.c b/state.c
index 50afb26..37df845 100644
--- a/state.c
+++ b/state.c
@@ -14,6 +14,8 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#define __STDC_WANT_LIB_EXT1__ 1
+
 #include <assert.h>
 #include <err.h>
 #include <stdbool.h>
@@ -99,6 +101,7 @@ static void handleAuthenticate(struct Message *msg) {
 	(void)msg;
 	if (!plainBase64) errx(EX_PROTOCOL, "unsolicited AUTHENTICATE");
 	serverFormat("AUTHENTICATE %s\r\n", plainBase64);
+	memset_s(plainBase64, strlen(plainBase64), 0, strlen(plainBase64));
 	free(plainBase64);
 	plainBase64 = NULL;
 }
-- 
cgit 1.4.1