If the prompt is hidden or a password is sent with -U, zero it before freeing

it.
2025-09-03 22:43:58 +00:00 · 2009-06-04 21:43:24 +00:00
parent f031975dc0
commit 50bd094856
2 changed files with 9 additions and 2 deletions
--- a/server-msg.c
+++ b/server-msg.c
@ -278,13 +278,14 @@ server_msg_fn_unlock(struct hdr *hdr, struct client *c)
 	if (server_unlock(pass) != 0) {
 #define MSG "bad password"
 		server_write_client(c, MSG_ERROR, MSG, (sizeof MSG) - 1);
-		server_write_client(c, MSG_EXIT, NULL, 0);
-		return (0);
 #undef MSG
 	}

 	server_write_client(c, MSG_EXIT, NULL, 0);

+	memset(pass, 0, strlen(pass));
+	xfree(pass);
+
 	return (0);
 }