Restrict shrouding some more.

svn path=/trunk/; revision=3250
author: Eric S. Raymond <esr@thyrsus.com> 2001-03-13 23:39:53 +0000
committer: Eric S. Raymond <esr@thyrsus.com> 2001-03-13 23:39:53 +0000
commit: 94719f385ba4478c46a737edafd9cbbcd1485028 (patch)
tree: f225667fd836e657ca57de5ea4964ce0fbd2ce72 /driver.c
parent: bbe77448fcca03bec5bf6cdadb6c37dd32f067b8 (diff)
download: fetchmail-94719f385ba4478c46a737edafd9cbbcd1485028.tar.gz
fetchmail-94719f385ba4478c46a737edafd9cbbcd1485028.tar.bz2
fetchmail-94719f385ba4478c46a737edafd9cbbcd1485028.zip
1 files changed, 10 insertions, 5 deletions
diff --git a/driver.c b/driver.c
index d33acfd1..56f358b6 100644
--- a/driver.c
+++ b/driver.c
@@ -1808,14 +1808,19 @@ const int maxfetch;		/* maximum number of messages to fetch */
 	stage = STAGE_GETAUTH;
 	if (protocol->getauth)
 	{
-	    if (protocol->password_canonify)
-		(protocol->password_canonify)(shroud, ctl->password, PASSWORDLEN);
-	    else
-		strcpy(shroud, ctl->password);
+	    /* 
+	     * We want to restrict shrouding as much as possible -- it 
+	     * might actually leak information by splatting out revealing
+	     * pieces of a message.
+	     */
+	    if (ctl->server.authenticate == A_PASSWORD)
+		if (protocol->password_canonify)
+		    (protocol->password_canonify)(shroud, ctl->password, PASSWORDLEN);
+		else
+		    strcpy(shroud, ctl->password);
 
 	    ok = (protocol->getauth)(mailserver_socket, ctl, buf);
 
-	    /* prevent shrouding later on -- it might backfire */
 	    shroud[0] = '\0';
 
 	    if (ok != 0)
author	Eric S. Raymond <esr@thyrsus.com>	2001-03-13 23:39:53 +0000
committer	Eric S. Raymond <esr@thyrsus.com>	2001-03-13 23:39:53 +0000
commit	94719f385ba4478c46a737edafd9cbbcd1485028 (patch)
tree	f225667fd836e657ca57de5ea4964ce0fbd2ce72 /driver.c
parent	bbe77448fcca03bec5bf6cdadb6c37dd32f067b8 (diff)
download	fetchmail-94719f385ba4478c46a737edafd9cbbcd1485028.tar.gz fetchmail-94719f385ba4478c46a737edafd9cbbcd1485028.tar.bz2 fetchmail-94719f385ba4478c46a737edafd9cbbcd1485028.zip