PR/34030: Takehiko NOZAKI: double-free bugs in CVS 1.11.22

Don't free/trash the password if we did not allocate it using scramble().
2006-07-18 16:27:19 +00:00 · 2006-07-18 16:27:19 +00:00 · 4bfcc501c1
parent 2bc28e91d7
commit 4bfcc501c1
1 changed files with 5 additions and 2 deletions
--- a/gnu/dist/xcvs/src/client.c
+++ b/gnu/dist/xcvs/src/client.c
@ -3936,8 +3936,11 @@ auth_server (root, lto_server, lfrom_server, verify_only, do_gssapi)
 	send_to_server("\012", 1);

        /* Paranoia. */
-        memset (password, 0, strlen (password));
-	free (password);
+	if (no_passwd)
+	{
+	    memset (password, 0, strlen (password));
+	    free (password);
+	}
 # else /* ! AUTH_CLIENT_SUPPORT */
 	error (1, 0, "INTERNAL ERROR: This client does not support pserver authentication");
 # endif /* AUTH_CLIENT_SUPPORT */