comparison svr-authpasswd.c @ 54:a48ba599292a

burn the buffer a bit earlier
author Matt Johnston <matt@ucc.asn.au>
date Sun, 08 Aug 2004 16:44:11 +0000
parents 0fe267cc9dee
children eee77ac31ccc
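--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -85,10 +85,12 @@
 buf_incrpos(ses.payload, -passwordlen - 4);
 m_burn(buf_getptr(ses.payload, passwordlen + 4), passwordlen + 4);
 
 /* the first bytes of passwdcrypt are the salt */
 testcrypt = crypt((char*)password, passwdcrypt);
+m_burn(password, passwordlen);
+m_free(password);
 
 if (strcmp(testcrypt, passwdcrypt) == 0) {
 /* successful authentication */
 dropbear_log(LOG_NOTICE,
 "password auth succeeded for '%s'",
@@ -99,10 +101,8 @@
 "bad password attempt for '%s'",
 ses.authstate.printableuser);
 send_msg_userauth_failure(0, 1);
 }
 
-m_burn(password, passwordlen);
-m_free(password);
 }
 
 #endif /* DROPBEAR_PASSWORD_AUTH */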
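Review bot: `crypt()` can return NULL (for example when the libc does not support the stored salt or hash format), and new line 93 passes `testcrypt` straight to `strcmp`, which would dereference a null pointer instead of failing the auth attempt. Because this commit already burns and frees `password` before the comparison, a guard directly after the `m_free` is leak-free: `if (testcrypt == NULL) { send_msg_userauth_failure(0, 1); return; }`. Separately, `strcmp` stops at the first differing byte; a constant-time comparison of the two hash strings would avoid exposing how far they match through timing. The function starts above the first hunk, so any earlier validation of `passwdcrypt` is not visible here.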