Use clear-string instead of fillarray to clobber secret strings
authorMattias EngdegÄrd <mattiase@acm.org>
Tue, 7 May 2024 07:19:09 +0000 (09:19 +0200)
committerEshel Yaron <me@eshelyaron.com>
Wed, 8 May 2024 16:48:38 +0000 (18:48 +0200)
* lisp/net/sasl-cram.el (sasl-cram-md5-response):
* lisp/net/sasl-digest.el (sasl-digest-md5-response-value):
* lisp/net/sasl.el (sasl-plain-response):
`fillarray` signals an error for strings that contain multibyte chars;
`clear-string` always works for this purpose.

(cherry picked from commit 1ac70626fa6720a407a23b1b9c14364e5a9230ae)

lisp/net/sasl-cram.el
lisp/net/sasl-digest.el
lisp/net/sasl.el

index ed6e00f578a40f67c5a2ee750c49d70b78d1a416..d720c4efe6b34fe7e929e97787a73ab5606f0c19 100644 (file)
@@ -42,7 +42,7 @@
        (concat (sasl-client-name client) " "
                (encode-hex-string
                 (hmac-md5 (sasl-step-data step) passphrase)))
-      (fillarray passphrase 0))))
+      (clear-string passphrase))))
 
 (put 'sasl-cram 'sasl-mechanism
      (sasl-make-mechanism "CRAM-MD5" sasl-cram-md5-steps))
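Review bot: The cleanup line `(clear-string passphrase)` has no comment explaining why it must not be `fillarray`, so a later tidy-up could reintroduce the error the commit message describes and leave the secret unwiped. The same applies to the identical lines in the sasl-digest.el and sasl.el hunks. I would add above each one `;; Use clear-string, not fillarray: the latter signals an error on multibyte strings.` The enclosing function starts outside the hunk, so the form that makes this cleanup run on every exit path (presumably an `unwind-protect`) is not visible here.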
index 75106fceee9684a4fb5a6fe89d04eb6e9adaed69..c8f38abb2aabb781cb36a4a69586fb1ed99a9dc1 100644 (file)
@@ -107,7 +107,7 @@ charset algorithm cipher-opts auth-param)."
             (concat "AUTHENTICATE:" digest-uri
                     (if (member qop '("auth-int" "auth-conf"))
                         ":00000000000000000000000000000000")))))))
-      (fillarray passphrase 0))))
+      (clear-string passphrase))))
 
 (defun sasl-digest-md5-response (client step)
   (let* ((plist
index 621b873af5929cb4855b12564aeed6cab144e407..eb3d94475b91f85cfa9673647fee9743b1247930 100644 (file)
@@ -219,7 +219,7 @@ It contain at least 64 bits of entropy."
                 (not (string= authenticator-name name)))
            (concat authenticator-name "\0" name "\0" passphrase)
          (concat "\0" name "\0" passphrase))
-      (fillarray passphrase 0))))
+      (clear-string passphrase))))
 
 (put 'sasl-plain 'sasl-mechanism
      (sasl-make-mechanism "PLAIN" sasl-plain-steps))
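Review bot: Clearing `passphrase` on this line still leaves the plaintext secret in the fresh string built by `(concat ... "\0" name "\0" passphrase)`, which appears to be the value handed back to the caller, so only one of the two copies is wiped. The PLAIN mechanism has to send that string, so this hunk cannot fix it, but the contract should be documented. I would add to the function's docstring a sentence such as `The returned response contains the passphrase in clear; callers should pass it to clear-string once it has been sent.` The body of sasl-plain-response begins outside the hunk, so whether a docstring already exists cannot be confirmed from here.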