[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Cvs-cvs] ccvs/src ChangeLog client.c cvs.h login.c [cvs1-11-x-branch]
From: |
Mark D. Baushke |
Subject: |
[Cvs-cvs] ccvs/src ChangeLog client.c cvs.h login.c [cvs1-11-x-branch] |
Date: |
Wed, 26 Jul 2006 07:22:00 +0000 |
CVSROOT: /cvsroot/cvs
Module name: ccvs
Branch: cvs1-11-x-branch
Changes by: Mark D. Baushke <mdb> 06/07/26 07:22:00
Modified files:
src : ChangeLog client.c cvs.h login.c
Log message:
* login.c (free_cvs_password): New function to control freeing of
the static get_cvs_passwd() returned storage.
(login): Call it.
* cvs.h (free_cvs_password): Add prototype for it.
* client.c (auth_server): Call it.
[Alter the previous NetBSD coverity cid-3404 patch.]
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/ChangeLog?cvsroot=cvs&only_with_tag=cvs1-11-x-branch&r1=1.2336.2.464&r2=1.2336.2.465
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/client.c?cvsroot=cvs&only_with_tag=cvs1-11-x-branch&r1=1.318.4.43&r2=1.318.4.44
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/cvs.h?cvsroot=cvs&only_with_tag=cvs1-11-x-branch&r1=1.235.4.36&r2=1.235.4.37
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/login.c?cvsroot=cvs&only_with_tag=cvs1-11-x-branch&r1=1.70.4.8&r2=1.70.4.9
Patches:
Index: ChangeLog
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/ChangeLog,v
retrieving revision 1.2336.2.464
retrieving revision 1.2336.2.465
diff -u -b -r1.2336.2.464 -r1.2336.2.465
--- ChangeLog 11 Jul 2006 19:52:49 -0000 1.2336.2.464
+++ ChangeLog 26 Jul 2006 07:21:59 -0000 1.2336.2.465
@@ -1,3 +1,12 @@
+2006-07-25 Mark D. Baushke <address@hidden>
+
+ * login.c (free_cvs_password): New function to control freeing of
+ the static get_cvs_passwd() returned storage.
+ (login): Call it.
+ * cvs.h (free_cvs_password): Add prototype for it.
+ * client.c (auth_server): Call it.
+ [Alter the previous NetBSD coverity cid-3404 patch.]
+
2006-07-11 Larry Jones <address@hidden>
* log.c (log_usage): Fix misleading description of -b (it selects
Index: client.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/client.c,v
retrieving revision 1.318.4.43
retrieving revision 1.318.4.44
diff -u -b -r1.318.4.43 -r1.318.4.44
--- client.c 29 Jun 2006 16:46:46 -0000 1.318.4.43
+++ client.c 26 Jul 2006 07:22:00 -0000 1.318.4.44
@@ -3924,9 +3924,8 @@
send_to_server(end, 0);
send_to_server("\012", 1);
- /* Paranoia. */
- memset (password, 0, strlen (password));
- free (password);
+ free_cvs_password (password);
+ password = NULL;
# else /* ! AUTH_CLIENT_SUPPORT */
error (1, 0, "INTERNAL ERROR: This client does not support pserver
authentication");
# endif /* AUTH_CLIENT_SUPPORT */
Index: cvs.h
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/cvs.h,v
retrieving revision 1.235.4.36
retrieving revision 1.235.4.37
diff -u -b -r1.235.4.36 -r1.235.4.37
--- cvs.h 29 Sep 2005 18:32:08 -0000 1.235.4.36
+++ cvs.h 26 Jul 2006 07:22:00 -0000 1.235.4.37
@@ -916,6 +916,7 @@
#ifdef AUTH_CLIENT_SUPPORT
char *get_cvs_password PROTO((void));
+void free_cvs_password PROTO((char *str));
int get_cvs_port_number PROTO((const cvsroot_t *root));
char *normalize_cvsroot PROTO((const cvsroot_t *root));
#endif /* AUTH_CLIENT_SUPPORT */
Index: login.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/login.c,v
retrieving revision 1.70.4.8
retrieving revision 1.70.4.9
diff -u -b -r1.70.4.8 -r1.70.4.9
--- login.c 28 Jun 2006 14:02:34 -0000 1.70.4.8
+++ login.c 26 Jul 2006 07:22:00 -0000 1.70.4.9
@@ -566,18 +566,36 @@
password_entry_operation (password_entry_add, current_parsed_root,
typed_password);
- memset (typed_password, 0, strlen (typed_password));
- free (typed_password);
-
- free (cvs_password);
+ free_cvs_password (typed_password);
free (cvsroot_canonical);
- cvs_password = NULL;
return 0;
}
+/* Free the password returned by get_cvs_password() and also free the
+ * saved cvs_password if they are different pointers. Be paranoid
+ * about the in-memory copy of the password and overwrite it with zero
+ * bytes before doing the free().
+ */
+void
+free_cvs_password (char *password)
+{
+ if (password && password != cvs_password)
+ {
+ memset (password, 0, strlen (password));
+ free (password);
+ }
+
+ if (cvs_password)
+ {
+ memset (cvs_password, 0, strlen (cvs_password));
+ free (cvs_password);
+ cvs_password = NULL;
+ }
+}
+
/* Returns the _scrambled_ password in freshly allocated memory. The server
* must descramble before hashing and comparing. If password file not found,
* or password not found in the file, just return NULL.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Cvs-cvs] ccvs/src ChangeLog client.c cvs.h login.c [cvs1-11-x-branch],
Mark D. Baushke <=