diff svr-authpasswd.c @ 54:a48ba599292a

burn the buffer a bit earlier
author Matt Johnston <matt@ucc.asn.au>
date Sun, 08 Aug 2004 16:44:11 +0000
parents 0fe267cc9dee
children eee77ac31ccc
line wrap: on
line diff
--- a/svr-authpasswd.c	Sun Aug 08 16:41:26 2004 +0000
+++ b/svr-authpasswd.c	Sun Aug 08 16:44:11 2004 +0000
@@ -87,6 +87,8 @@
 
 	/* the first bytes of passwdcrypt are the salt */
 	testcrypt = crypt((char*)password, passwdcrypt);
+	m_burn(password, passwordlen);
+	m_free(password);
 
 	if (strcmp(testcrypt, passwdcrypt) == 0) {
 		/* successful authentication */
@@ -101,8 +103,6 @@
 		send_msg_userauth_failure(0, 1);
 	}
 
-	m_burn(password, passwordlen);
-	m_free(password);
 }
 
 #endif /* DROPBEAR_PASSWORD_AUTH */