From 6344e40e3f7524aa3479953b4e58daae349879de Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Sat, 29 Jan 2022 18:05:00 +0000
Subject: [PATCH] cmdline.c: free cmdline_password whenever it's reset.

If you provided two -pw or -pwfile arguments on the same command line,
the first password could be left in memory uncleared. Spotted by
Coverity.
---
 cmdline.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/cmdline.c b/cmdline.c
index c39c8ad2..9f37f2a0 100644
--- a/cmdline.c
+++ b/cmdline.c
@@ -585,6 +585,11 @@ int cmdline_process_param(const char *p, char *value,
             cmdline_error("the -pw option can only be used with the "
                           "SSH protocol");
         else {
+            if (cmdline_password) {
+                smemclr(cmdline_password, strlen(cmdline_password));
+                sfree(cmdline_password);
+            }
+
             cmdline_password = dupstr(value);
             /* Assuming that `value' is directly from argv, make a good faith
              * attempt to trample it, to stop it showing up in `ps' output
@@ -608,6 +613,11 @@ int cmdline_process_param(const char *p, char *value,
             if (!fp) {
                 cmdline_error("unable to open password file '%s'", value);
             } else {
+                if (cmdline_password) {
+                    smemclr(cmdline_password, strlen(cmdline_password));
+                    sfree(cmdline_password);
+                }
+
                 cmdline_password = chomp(fgetline(fp));
                 if (!cmdline_password) {
                     cmdline_error("unable to read a password from file '%s'",