[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Cvs-cvs] ccvs/src ChangeLog client.c cvs.h login.c
From: |
Mark D. Baushke |
Subject: |
[Cvs-cvs] ccvs/src ChangeLog client.c cvs.h login.c |
Date: |
Wed, 26 Jul 2006 09:52:57 +0000 |
CVSROOT: /cvsroot/cvs
Module name: ccvs
Changes by: Mark D. Baushke <mdb> 06/07/26 09:52:57
Modified files:
src : ChangeLog client.c cvs.h login.c
Log message:
Merge changes from 1.11.x.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/ChangeLog?cvsroot=cvs&r1=1.3473&r2=1.3474
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/client.c?cvsroot=cvs&r1=1.459&r2=1.460
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/cvs.h?cvsroot=cvs&r1=1.348&r2=1.349
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/login.c?cvsroot=cvs&r1=1.88&r2=1.89
Patches:
Index: ChangeLog
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/ChangeLog,v
retrieving revision 1.3473
retrieving revision 1.3474
diff -u -b -r1.3473 -r1.3474
--- ChangeLog 11 Jul 2006 21:48:43 -0000 1.3473
+++ ChangeLog 26 Jul 2006 09:52:56 -0000 1.3474
@@ -1,3 +1,12 @@
+2006-07-25 Mark D. Baushke <address@hidden>
+
+ * login.c (free_cvs_password): New function to control freeing of
+ the static get_cvs_passwd() returned storage.
+ (login): Call it.
+ * cvs.h (free_cvs_password): Add prototype for it.
+ * client.c (auth_server): Call it.
+ [Alter the previous NetBSD coverity cid-3404 patch.]
+
2006-07-11 Derek Price <address@hidden>
* subr.c (isParentPath): New function.
Index: client.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/client.c,v
retrieving revision 1.459
retrieving revision 1.460
diff -u -b -r1.459 -r1.460
--- client.c 11 Jul 2006 21:48:43 -0000 1.459
+++ client.c 26 Jul 2006 09:52:56 -0000 1.460
@@ -4652,9 +4652,8 @@
send_to_server_via(to_server, end, 0);
send_to_server_via(to_server, "\012", 1);
- /* Paranoia. */
- memset (password, 0, strlen (password));
- free (password);
+ free_cvs_password (password);
+ password = NULL;
# else /* ! AUTH_CLIENT_SUPPORT */
error (1, 0, "INTERNAL ERROR: This client does not support pserver
authentication");
# endif /* AUTH_CLIENT_SUPPORT */
Index: cvs.h
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/cvs.h,v
retrieving revision 1.348
retrieving revision 1.349
diff -u -b -r1.348 -r1.349
--- cvs.h 25 Apr 2006 20:01:47 -0000 1.348
+++ cvs.h 26 Jul 2006 09:52:56 -0000 1.349
@@ -588,6 +588,7 @@
#ifdef AUTH_CLIENT_SUPPORT
char *get_cvs_password (void);
+void free_cvs_password (char *str);
/* get_cvs_port_number() is not pure since the /etc/services file could change
* between calls. */
int get_cvs_port_number (const cvsroot_t *root);
Index: login.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/login.c,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -b -r1.88 -r1.89
--- login.c 28 Jun 2006 14:25:26 -0000 1.88
+++ login.c 26 Jul 2006 09:52:56 -0000 1.89
@@ -560,18 +560,36 @@
password_entry_operation (password_entry_add, current_parsed_root,
typed_password);
- memset (typed_password, 0, strlen (typed_password));
- free (typed_password);
-
- free (cvs_password);
+ free_cvs_password (typed_password);
free (cvsroot_canonical);
- cvs_password = NULL;
return 0;
}
+/* Free the password returned by get_cvs_password() and also free the
+ * saved cvs_password if they are different pointers. Be paranoid
+ * about the in-memory copy of the password and overwrite it with zero
+ * bytes before doing the free().
+ */
+void
+free_cvs_password (char *password)
+{
+ if (password && password != cvs_password)
+ {
+ memset (password, 0, strlen (password));
+ free (password);
+ }
+
+ if (cvs_password)
+ {
+ memset (cvs_password, 0, strlen (cvs_password));
+ free (cvs_password);
+ cvs_password = NULL;
+ }
+}
+
/* Returns the _scrambled_ password in freshly allocated memory. The server
* must descramble before hashing and comparing. If password file not found,
* or password not found in the file, just return NULL.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Cvs-cvs] ccvs/src ChangeLog client.c cvs.h login.c,
Mark D. Baushke <=