|
|
@@ -340,10 +340,9 @@ int u_pass_match(struct userrec *u, char *in)
|
|
|
|
|
|
strlcpy(pass, in, sizeof(pass));
|
|
|
|
|
|
- if (strlen(pass) > MAXPASSLEN)
|
|
|
- pass[MAXPASSLEN] = 0;
|
|
|
/* Pass the salted pass in so the same salt can be used */
|
|
|
- char* newpass = encrypt_pass(u, pass, &cmp[1]);
|
|
|
+ char* newpass = encrypt_pass(u, in, &cmp[1]);
|
|
|
+ OPENSSL_cleanse(pass, sizeof(pass));
|
|
|
if (!strcmp(cmp, newpass)) {
|
|
|
free(newpass);
|
|
|
return 1;
|