Restrict shrouding some more.

author Eric S. Raymond <esr@thyrsus.com>

Tue, 13 Mar 2001 23:39:53 +0000 (23:39 -0000)

committer Eric S. Raymond <esr@thyrsus.com>

Tue, 13 Mar 2001 23:39:53 +0000 (23:39 -0000)
author Eric S. Raymond <esr@thyrsus.com>
Tue, 13 Mar 2001 23:39:53 +0000 (23:39 -0000)
committer Eric S. Raymond <esr@thyrsus.com>
Tue, 13 Mar 2001 23:39:53 +0000 (23:39 -0000)
diff --git a/driver.c b/driver.c

index d33acfd114e742fe4d7471ea7dda7349b5b4fcc1..56f358b6c78a9ffd5416e311ebdf954506956772 100644 (file)
--- a/driver.c
+++ b/driver.c
@@ -1808,14 +1808,19 @@ const int maxfetch;             /* maximum number of messages to fetch */
         stage = STAGE_GETAUTH;
         if (protocol->getauth)
         {
-           if (protocol->password_canonify)
-               (protocol->password_canonify)(shroud, ctl->password, PASSWORDLEN);
-           else
-               strcpy(shroud, ctl->password);
+           /* 
+            * We want to restrict shrouding as much as possible -- it 
+            * might actually leak information by splatting out revealing
+            * pieces of a message.
+            */
+           if (ctl->server.authenticate == A_PASSWORD)
+               if (protocol->password_canonify)
+                   (protocol->password_canonify)(shroud, ctl->password, PASSWORDLEN);
+               else
+                   strcpy(shroud, ctl->password);
  
             ok = (protocol->getauth)(mailserver_socket, ctl, buf);
  
-           /* prevent shrouding later on -- it might backfire */
             shroud[0] = '\0';
  
             if (ok != 0)
author	Eric S. Raymond <esr@thyrsus.com>
	Tue, 13 Mar 2001 23:39:53 +0000 (23:39 -0000)
committer	Eric S. Raymond <esr@thyrsus.com>
	Tue, 13 Mar 2001 23:39:53 +0000 (23:39 -0000)