From c76d76205fb056b7b0d96c97b991a299dc080417 Mon Sep 17 00:00:00 2001
From: C. McEnroe
Date: Sun, 4 Jul 2021 16:55:12 -0400
Subject: Zero out server password after sending

Also send it directly using ircSend to avoid copying it and logging it to .
---
 chat.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/chat.c b/chat.c
index 7bd68e0..5d9ad5e 100644
--- a/chat.c
+++ b/chat.c
@@ -150,7 +150,7 @@ int main(int argc, char *argv[]) {

 bool log = false;
 bool sasl = false;
- const char *pass = NULL;
+ char *pass = NULL;
 const char *nick = NULL;
 const char *user = NULL;
 const char *real = NULL;
@@ -344,7 +344,12 @@ int main(int argc, char *argv[]) {
 }
 #endif

- if (pass) ircFormat("PASS :%s\r\n", pass);
+ if (pass) {
+ ircFormat("PASS :");
+ ircSend(pass, strlen(pass));
+ ircFormat("\r\n");
+ explicit_bzero(pass, strlen(pass));
+ }
 if (sasl) ircFormat("CAP REQ :sasl\r\n");
 ircFormat("CAP LS\r\n");
 ircFormat("NICK :%s\r\n", nick);
--
cgit 1.4.1-2-gfad0
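Review bot: In the second hunk, `pass` stays non-NULL after `explicit_bzero` and now points at an empty string, so any later `if (pass)` in `main` (which begins and continues outside the hunk) would still be true and would send an empty `PASS`; adding `pass = NULL;` as the last statement of the block removes that hazard. `strlen(pass)` is also evaluated twice, and taking it once with `size_t len = strlen(pass);` ties the sent length and the wiped length to the same value. The wipe covers only the buffer `pass` points to, and whether the option parser or the transport beneath `ircSend` keeps its own copy is not visible here, so a one-line comment such as `/* wipes our copy only; transport buffers are not covered */` would state the actual guarantee. `explicit_bzero` is not ISO C, so any target platform that lacks it would presumably need a fallback.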