Hi there, While reading the camel-pop3 provider to learn about it and use it for the SIEVE protocol that I am planning to do, I noticed a tiny little issue.
The memory where the password of the user was stored only gets free't, not memset()'t. I am not sure what most operating systems do but I don't think that they reset the memory of a free't area, meaning that the password is left unprotected in the memory. One once told me that you must memset it before free-ing. Well, I am not sure.. perhaps this little patch is totally 'not' what you should do. If it is, then I guess it needs to be fixed in most camel providers that use authentication. -- Philip Van Hoof, Software Developer @ Cronos home: me at freax dot org work: Philip dot VanHoof at cronos dot be http://www.freax.be, http://www.freax.eu.org
Index: camel-pop3-store.c =================================================================== RCS file: /cvs/gnome/evolution/camel/providers/pop3/camel-pop3-store.c,v retrieving revision 1.99 diff -u -u -r1.99 camel-pop3-store.c --- camel-pop3-store.c 23 Jul 2003 14:57:22 -0000 1.99 +++ camel-pop3-store.c 31 Jul 2003 17:46:32 -0000 @@ -430,6 +430,7 @@ } ret = camel_stream_printf((CamelStream *)stream, "%s\r\n", resp); + memset (resp, '\0', strlen(resp)); g_free(resp); if (ret == -1) goto ioerror;
