-rw-r--r-- | fetchmail.c | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/fetchmail.c b/fetchmail.c
index 172abc99..1e6f7b1b 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -713,21 +713,6 @@ void termhook(int sig)
 {
 struct query *ctl;
 
- /*
- * Craig Metz, the RFC1938 one-time-password guy, points out:
- * "Remember that most kernels don't zero pages before handing them to the
- * next process and many kernels share pages between user and kernel space.
- * You'd be very surprised what you can find from a short program to do a
- * malloc() and then dump the contents of the pages you got. By zeroing
- * the secrets at end of run (earlier if you can), you make sure the next
- * guy can't get the password/pass phrase."
- *
- * Right you are, Craig!
- */
- for (ctl = querylist; ctl; ctl = ctl->next)
- if (ctl->password)
- memset(ctl->password, '\0', strlen(ctl->password));
-
 /*
 * Sending SMTP QUIT on signal is theoretically nice, but led to a
 * subtle bug. If fetchmail was terminated by signal while it was
@@ -749,6 +734,22 @@ void termhook(int sig)
 if (!check_only)
 write_saved_lists(querylist, idfile);
 
+ /*
+ * Craig Metz, the RFC1938 one-time-password guy, points out:
+ * "Remember that most kernels don't zero pages before handing them to the
+ * next process and many kernels share pages between user and kernel space.
+ * You'd be very surprised what you can find from a short program to do a
+ * malloc() and then dump the contents of the pages you got. By zeroing
+ * the secrets at end of run (earlier if you can), you make sure the next
+ * guy can't get the password/pass phrase."
+ *
+ * Right you are, Craig!
+ */
+ for (ctl = querylist; ctl; ctl = ctl->next)
+ if (ctl->password)
+ memset(ctl->password, '\0', strlen(ctl->password));
+ }
+
 #if !defined(HAVE_ATEXIT) && !defined(HAVE_ON_EXIT)
 unlockit();
 #endif
|
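Review bot: The `}` added right after the relocated `memset(ctl->password, '\0', strlen(ctl->password));` in the second hunk has no matching `{` in this commit: the `for` and `if` above it are unbraced and the first hunk removes no brace, so unless the old file was already unbalanced this closes termhook() early and leaves `unlockit();` outside the function; that line should be dropped. Separately, the password wipe now runs only after `write_saved_lists(querylist, idfile)`, so a hang or failure in that I/O during signal-driven termination leaves the secrets in memory, which goes against the quoted advice to zero them "earlier if you can". A short comment such as `/* wiped last because <reason> */` above the loop would record why the wipe has to follow the earlier steps. The wipe length is `strlen(ctl->password)`, which clears only up to the first NUL and not the buffer's full capacity; if the allocation size is tracked anywhere, it would be the safer length. termhook's body continues outside both hunks, so the brace balance should be confirmed against the full file.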