From: Mattias EngdegÄrd Date: Tue, 7 May 2024 07:19:09 +0000 (+0200) Subject: Use clear-string instead of fillarray to clobber secret strings X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=73c3d3175dd9c02dfaf2c79ea0296254cdfebc18;p=emacs.git Use clear-string instead of fillarray to clobber secret strings * lisp/net/sasl-cram.el (sasl-cram-md5-response): * lisp/net/sasl-digest.el (sasl-digest-md5-response-value): * lisp/net/sasl.el (sasl-plain-response): `fillarray` signals an error for strings that contain multibyte chars; `clear-string` always works for this purpose. (cherry picked from commit 1ac70626fa6720a407a23b1b9c14364e5a9230ae) --- diff --git a/lisp/net/sasl-cram.el b/lisp/net/sasl-cram.el index ed6e00f578a..d720c4efe6b 100644 --- a/lisp/net/sasl-cram.el +++ b/lisp/net/sasl-cram.el @@ -42,7 +42,7 @@ (concat (sasl-client-name client) " " (encode-hex-string (hmac-md5 (sasl-step-data step) passphrase))) - (fillarray passphrase 0)))) + (clear-string passphrase)))) (put 'sasl-cram 'sasl-mechanism (sasl-make-mechanism "CRAM-MD5" sasl-cram-md5-steps)) diff --git a/lisp/net/sasl-digest.el b/lisp/net/sasl-digest.el index 75106fceee9..c8f38abb2aa 100644 --- a/lisp/net/sasl-digest.el +++ b/lisp/net/sasl-digest.el @@ -107,7 +107,7 @@ charset algorithm cipher-opts auth-param)." (concat "AUTHENTICATE:" digest-uri (if (member qop '("auth-int" "auth-conf")) ":00000000000000000000000000000000"))))))) - (fillarray passphrase 0)))) + (clear-string passphrase)))) (defun sasl-digest-md5-response (client step) (let* ((plist diff --git a/lisp/net/sasl.el b/lisp/net/sasl.el index 621b873af59..eb3d94475b9 100644 --- a/lisp/net/sasl.el +++ b/lisp/net/sasl.el @@ -219,7 +219,7 @@ It contain at least 64 bits of entropy." (not (string= authenticator-name name))) (concat authenticator-name "\0" name "\0" passphrase) (concat "\0" name "\0" passphrase)) - (fillarray passphrase 0)))) + (clear-string passphrase)))) (put 'sasl-plain 'sasl-mechanism (sasl-make-mechanism "PLAIN" sasl-plain-steps))