Explorar o código

Fix OPENSSL_cleanse() not using proper size for password buffer

Bryan Drewery %!s(int64=14) %!d(string=hai) anos
pai
achega
b1673a949c
Modificáronse 1 ficheiros con 1 adicións e 1 borrados
  1. 1 1
      src/userrec.c

+ 1 - 1
src/userrec.c

@@ -342,7 +342,7 @@ int u_pass_match(struct userrec *u, const char *in)
 
     /* Pass the salted pass in so the same salt can be used */
     int n = salted_sha1cmp(cmp, pass);
-    OPENSSL_cleanse(pass, sizeof(pass));
+    OPENSSL_cleanse(pass, strlen(pass));
     free(pass_p);
     if (!n)
       return 1;