diff options
Diffstat (limited to 'fetchmail.c')
| -rw-r--r-- | fetchmail.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/fetchmail.c b/fetchmail.c index 3b8fa05f..7810ec9b 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -658,11 +658,26 @@ void termhook(int sig) { struct query *ctl; + /* + * Craig Metz, the RFC1938 one-time-password guy, points out: + * "Remember that most kernels don't zero pages before handing them to the + * next process and many kernels share pages between user and kernel space. + * You'd be very surprised what you can find from a short program to do a + * malloc() and then dump the contents of the pages you got. By zeroing + * the secrets at end of run (earlier if you can), you make sure the next + * guy can't get the password/pass phrase." + * + * Right you are, Craig! + */ + for (ctl = querylist; ctl; ctl = ctl->next) + if (ctl->password) + memset(ctl->password, '\0', strlen(ctl->password)); + /* * Sending SMTP QUIT on signal is theoretically nice, but led to a * subtle bug. If fetchmail was terminated by signal while it was * shipping message text, it would hang forever waiting for a - * command acknowledge. In theory we could disable the QUIT + * command acknowledge. In theory we could enable the QUIT * only outside of the message send. In practice, we don't * care. All mailservers hang up on a dropped TCP/IP connection * anyway. |