
[Cvs-cvs] ccvs/src ChangeLog client.c cvs.h login.c


From: Mark D. Baushke
Subject: [Cvs-cvs] ccvs/src ChangeLog client.c cvs.h login.c
Date: Wed, 26 Jul 2006 09:52:57 +0000

CVSROOT:        /cvsroot/cvs
Module name:    ccvs
Changes by:     Mark D. Baushke <mdb>   06/07/26 09:52:57

Modified files:
        src            : ChangeLog client.c cvs.h login.c 

Log message:
        Merge changes from 1.11.x.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/ChangeLog?cvsroot=cvs&r1=1.3473&r2=1.3474
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/client.c?cvsroot=cvs&r1=1.459&r2=1.460
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/cvs.h?cvsroot=cvs&r1=1.348&r2=1.349
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/login.c?cvsroot=cvs&r1=1.88&r2=1.89

Patches:
Index: ChangeLog
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/ChangeLog,v
retrieving revision 1.3473
retrieving revision 1.3474
diff -u -b -r1.3473 -r1.3474
--- ChangeLog   11 Jul 2006 21:48:43 -0000      1.3473
+++ ChangeLog   26 Jul 2006 09:52:56 -0000      1.3474
@@ -1,3 +1,12 @@
+2006-07-25  Mark D. Baushke  <address@hidden>
+
+       * login.c (free_cvs_password): New function to control freeing of
+       the static get_cvs_passwd() returned storage.
+       (login): Call it.
+       * cvs.h (free_cvs_password): Add prototype for it.
+       * client.c (auth_server): Call it.
+       [Alter the previous NetBSD coverity cid-3404 patch.]
+       
 2006-07-11  Derek Price  <address@hidden>
 
        * subr.c (isParentPath): New function.

Index: client.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/client.c,v
retrieving revision 1.459
retrieving revision 1.460
diff -u -b -r1.459 -r1.460
--- client.c    11 Jul 2006 21:48:43 -0000      1.459
+++ client.c    26 Jul 2006 09:52:56 -0000      1.460
@@ -4652,9 +4652,8 @@
        send_to_server_via(to_server, end, 0);
        send_to_server_via(to_server, "\012", 1);
 
-        /* Paranoia. */
-        memset (password, 0, strlen (password));
-       free (password);
+       free_cvs_password (password);
+       password = NULL;
 # else /* ! AUTH_CLIENT_SUPPORT */
        error (1, 0, "INTERNAL ERROR: This client does not support pserver 
authentication");
 # endif /* AUTH_CLIENT_SUPPORT */

Index: cvs.h
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/cvs.h,v
retrieving revision 1.348
retrieving revision 1.349
diff -u -b -r1.348 -r1.349
--- cvs.h       25 Apr 2006 20:01:47 -0000      1.348
+++ cvs.h       26 Jul 2006 09:52:56 -0000      1.349
@@ -588,6 +588,7 @@
 
 #ifdef AUTH_CLIENT_SUPPORT
 char *get_cvs_password (void);
+void free_cvs_password (char *str);
 /* get_cvs_port_number() is not pure since the /etc/services file could change
  * between calls.  */
 int get_cvs_port_number (const cvsroot_t *root);
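Review bot: The added `free_cvs_password` prototype has no comment, and its contract is not obvious from the name. Per the definition in login.c it wipes and frees the argument and also wipes, frees and NULLs the cached `cvs_password`, so a caller must not use the pointer afterwards. I would state that at the declaration, e.g. `/* Zero and free STR and the cached cvs_password; STR is invalid on return. */`. The parameter is named `str` here but `password` in the definition; using `password` in both places keeps the declaration and definition aligned.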

Index: login.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/login.c,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -b -r1.88 -r1.89
--- login.c     28 Jun 2006 14:25:26 -0000      1.88
+++ login.c     26 Jul 2006 09:52:56 -0000      1.89
@@ -560,18 +560,36 @@
     password_entry_operation (password_entry_add, current_parsed_root,
                               typed_password);
 
-    memset (typed_password, 0, strlen (typed_password));
-    free (typed_password);
-
-    free (cvs_password);
+    free_cvs_password (typed_password);
     free (cvsroot_canonical);
-    cvs_password = NULL;
 
     return 0;
 }
 
 
 
+/* Free the password returned by get_cvs_password() and also free the
+ * saved cvs_password if they are different pointers. Be paranoid
+ * about the in-memory copy of the password and overwrite it with zero
+ * bytes before doing the free().
+ */
+void
+free_cvs_password (char *password)
+{
+    if (password && password != cvs_password)
+    {
+       memset (password, 0, strlen (password));
+       free (password);
+    }
+
+    if (cvs_password)
+    {
+       memset (cvs_password, 0, strlen (cvs_password));
+       free (cvs_password);
+       cvs_password = NULL;
+    }
+}
+
 /* Returns the _scrambled_ password in freshly allocated memory.  The server
  * must descramble before hashing and comparing.  If password file not found,
  * or password not found in the file, just return NULL.
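Review bot: Both `memset (..., 0, strlen (...))` calls in free_cvs_password are immediately followed by `free ()`, so an optimizing compiler may treat them as dead stores and remove them, leaving the password bytes in the released heap block. Where the platform offers it, use a wipe that cannot be elided, e.g. `explicit_bzero (password, strlen (password));` (or `memset_s`), with a fallback that stores through a `volatile unsigned char *` elsewhere. The same change applies to the `cvs_password` branch. The scrambled form mentioned in the comment that follows is still password-equivalent for pserver, so the wipe is worth making reliable.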



