From 94719f385ba4478c46a737edafd9cbbcd1485028 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Tue, 13 Mar 2001 23:39:53 +0000
Subject: Restrict shrouding some more.

svn path=/trunk/; revision=3250
---
 driver.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'driver.c')

diff --git a/driver.c b/driver.c
index d33acfd1..56f358b6 100644
--- a/driver.c
+++ b/driver.c
@@ -1808,14 +1808,19 @@ const int maxfetch;		/* maximum number of messages to fetch */
 	stage = STAGE_GETAUTH;
 	if (protocol->getauth)
 	{
-	    if (protocol->password_canonify)
-		(protocol->password_canonify)(shroud, ctl->password, PASSWORDLEN);
-	    else
-		strcpy(shroud, ctl->password);
+	    /* 
+	     * We want to restrict shrouding as much as possible -- it 
+	     * might actually leak information by splatting out revealing
+	     * pieces of a message.
+	     */
+	    if (ctl->server.authenticate == A_PASSWORD)
+		if (protocol->password_canonify)
+		    (protocol->password_canonify)(shroud, ctl->password, PASSWORDLEN);
+		else
+		    strcpy(shroud, ctl->password);
 
 	    ok = (protocol->getauth)(mailserver_socket, ctl, buf);
 
-	    /* prevent shrouding later on -- it might backfire */
 	    shroud[0] = '\0';
 
 	    if (ok != 0)
-- 
cgit v1.2.3