
[Cvs-cvs] ccvs/src ChangeLog client.c cvs.h login.c [cvs1-11-x-branch]


From: Mark D. Baushke
Subject: [Cvs-cvs] ccvs/src ChangeLog client.c cvs.h login.c [cvs1-11-x-branch]
Date: Wed, 26 Jul 2006 07:22:00 +0000

CVSROOT:        /cvsroot/cvs
Module name:    ccvs
Branch:         cvs1-11-x-branch
Changes by:     Mark D. Baushke <mdb>   06/07/26 07:22:00

Modified files:
        src            : ChangeLog client.c cvs.h login.c 

Log message:
        * login.c (free_cvs_password): New function to control freeing of
        the static get_cvs_passwd() returned storage.
        (login): Call it.
        * cvs.h (free_cvs_password): Add prototype for it.
        * client.c (auth_server): Call it.
        [Alter the previous NetBSD coverity cid-3404 patch.]

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/ChangeLog?cvsroot=cvs&only_with_tag=cvs1-11-x-branch&r1=1.2336.2.464&r2=1.2336.2.465
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/client.c?cvsroot=cvs&only_with_tag=cvs1-11-x-branch&r1=1.318.4.43&r2=1.318.4.44
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/cvs.h?cvsroot=cvs&only_with_tag=cvs1-11-x-branch&r1=1.235.4.36&r2=1.235.4.37
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/login.c?cvsroot=cvs&only_with_tag=cvs1-11-x-branch&r1=1.70.4.8&r2=1.70.4.9

Patches:
Index: ChangeLog
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/ChangeLog,v
retrieving revision 1.2336.2.464
retrieving revision 1.2336.2.465
diff -u -b -r1.2336.2.464 -r1.2336.2.465
--- ChangeLog   11 Jul 2006 19:52:49 -0000      1.2336.2.464
+++ ChangeLog   26 Jul 2006 07:21:59 -0000      1.2336.2.465
@@ -1,3 +1,12 @@
+2006-07-25  Mark D. Baushke  <address@hidden>
+
+       * login.c (free_cvs_password): New function to control freeing of
+       the static get_cvs_passwd() returned storage.
+       (login): Call it.
+       * cvs.h (free_cvs_password): Add prototype for it.
+       * client.c (auth_server): Call it.
+       [Alter the previous NetBSD coverity cid-3404 patch.]
+       
 2006-07-11  Larry Jones  <address@hidden>
 
        * log.c (log_usage): Fix misleading description of -b (it selects

Index: client.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/client.c,v
retrieving revision 1.318.4.43
retrieving revision 1.318.4.44
diff -u -b -r1.318.4.43 -r1.318.4.44
--- client.c    29 Jun 2006 16:46:46 -0000      1.318.4.43
+++ client.c    26 Jul 2006 07:22:00 -0000      1.318.4.44
@@ -3924,9 +3924,8 @@
        send_to_server(end, 0);
        send_to_server("\012", 1);
 
-        /* Paranoia. */
-        memset (password, 0, strlen (password));
-       free (password);
+       free_cvs_password (password);
+       password = NULL;
 # else /* ! AUTH_CLIENT_SUPPORT */
        error (1, 0, "INTERNAL ERROR: This client does not support pserver 
authentication");
 # endif /* AUTH_CLIENT_SUPPORT */
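Review bot: The call `free_cvs_password (password);` replaces the old `/* Paranoia. */` block without a comment, so nothing at this site says that the buffer is zeroed before it is freed, or that the cached `cvs_password` is released as a side effect (as the login.c hunk of this commit shows). I would add `/* Scrub and free the password; this also zeroes and frees the cached cvs_password. */` above the call. The enclosing function (auth_server, per the log message) starts and ends outside the hunk, so whether later code in it still expects the cached password cannot be checked from here.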

Index: cvs.h
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/cvs.h,v
retrieving revision 1.235.4.36
retrieving revision 1.235.4.37
diff -u -b -r1.235.4.36 -r1.235.4.37
--- cvs.h       29 Sep 2005 18:32:08 -0000      1.235.4.36
+++ cvs.h       26 Jul 2006 07:22:00 -0000      1.235.4.37
@@ -916,6 +916,7 @@
 
 #ifdef AUTH_CLIENT_SUPPORT
 char *get_cvs_password PROTO((void));
+void free_cvs_password PROTO((char *str));
 int get_cvs_port_number PROTO((const cvsroot_t *root));
 char *normalize_cvsroot PROTO((const cvsroot_t *root));
 #endif /* AUTH_CLIENT_SUPPORT */

Index: login.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/login.c,v
retrieving revision 1.70.4.8
retrieving revision 1.70.4.9
diff -u -b -r1.70.4.8 -r1.70.4.9
--- login.c     28 Jun 2006 14:02:34 -0000      1.70.4.8
+++ login.c     26 Jul 2006 07:22:00 -0000      1.70.4.9
@@ -566,18 +566,36 @@
     password_entry_operation (password_entry_add, current_parsed_root,
                               typed_password);
 
-    memset (typed_password, 0, strlen (typed_password));
-    free (typed_password);
-
-    free (cvs_password);
+    free_cvs_password (typed_password);
     free (cvsroot_canonical);
-    cvs_password = NULL;
 
     return 0;
 }
 
 
 
+/* Free the password returned by get_cvs_password() and also free the
+ * saved cvs_password if they are different pointers. Be paranoid
+ * about the in-memory copy of the password and overwrite it with zero
+ * bytes before doing the free().
+ */
+void
+free_cvs_password (char *password)
+{
+    if (password && password != cvs_password)
+    {
+       memset (password, 0, strlen (password));
+       free (password);
+    }
+
+    if (cvs_password)
+    {
+       memset (cvs_password, 0, strlen (cvs_password));
+       free (cvs_password);
+       cvs_password = NULL;
+    }
+}
+
 /* Returns the _scrambled_ password in freshly allocated memory.  The server
  * must descramble before hashing and comparing.  If password file not found,
  * or password not found in the file, just return NULL.
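Review bot: Both `memset (..., 0, strlen (...))` calls in free_cvs_password are followed directly by `free()` on the same buffer, so an optimizing compiler may treat them as dead stores and remove them, leaving the password bytes in freed heap memory. The function's own comment promises the overwrite, so the scrub should be written in a form the optimizer does not drop in practice, for example stores through a `volatile char *` in a small static helper that both branches call. The plain memset was already present in the removed lines of login() and in the client.c hunk; centralising it here makes this the single place to fix it.
```c
/* Zero a NUL-terminated secret through a volatile pointer so the
 * stores are not discarded as dead writes ahead of free().
 */
static void
scrub_string (char *str)
{
    volatile char *p = str;

    while (*p)
        *p++ = '\0';
}

void
free_cvs_password (char *password)
{
    /* ... unchanged: password != cvs_password test ... */
        scrub_string (password);
        free (password);
    /* ... unchanged: cvs_password test ... */
        scrub_string (cvs_password);
        free (cvs_password);
        cvs_password = NULL;
    /* ... unchanged: closing braces ... */
```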



