[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

use of SMTP_AUTH in checkpassword.c



Michael,

I'm confused about part of your patch to checkpassword.c. Toward the end of the
file, you have this:

#ifndef SMTP_AUTH
  for (i = 0;i < sizeof(up);++i) up[i] = 0;
#endif

Why put that line inside the #ifndef? It appears to me that the purpose of that
line is to zero out the temporary memory block to avoid a security hole by
direct local memory access. Why do you only have it set to run when SMTP_AUTH
is not defined?

-- 
Alex Howansky
Wankwood Associates
http://www.wankwood.com/