nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-23 15:09:24 -05:00
Code Issues Projects Releases Wiki Activity

cmdline.c: free cmdline_password whenever it's reset.

Browse Source 
If you provided two -pw or -pwfile arguments on the same command line,
the first password could be left in memory uncleared. Spotted by
Coverity.
This commit is contained in:
Simon Tatham 2022-01-29 18:05:00 +00:00
parent af6a19e962
commit 6344e40e3f
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cmdline.c
View File

@ -585,6 +585,11 @@ int cmdline_process_param(const char *p, char *value,
cmdline_error("the -pw option can only be used with the " cmdline_error("the -pw option can only be used with the "
"SSH protocol"); "SSH protocol");
else { else {
if (cmdline_password) {
smemclr(cmdline_password, strlen(cmdline_password));
sfree(cmdline_password);
}
cmdline_password = dupstr(value); cmdline_password = dupstr(value);
/* Assuming that `value' is directly from argv, make a good faith /* Assuming that `value' is directly from argv, make a good faith
* attempt to trample it, to stop it showing up in `ps' output * attempt to trample it, to stop it showing up in `ps' output
@ -608,6 +613,11 @@ int cmdline_process_param(const char *p, char *value,
if (!fp) { if (!fp) {
cmdline_error("unable to open password file '%s'", value); cmdline_error("unable to open password file '%s'", value);
} else { } else {
if (cmdline_password) {
smemclr(cmdline_password, strlen(cmdline_password));
sfree(cmdline_password);
}
cmdline_password = chomp(fgetline(fp)); cmdline_password = chomp(fgetline(fp));
if (!cmdline_password) { if (!cmdline_password) {
cmdline_error("unable to read a password from file '%s'", cmdline_error("unable to read a password from file '%s'",