From: Jeremy Harris Date: Mon, 17 May 2021 11:40:51 +0000 (+0100) Subject: gsasl authenticator: do not try to clear server password after use, if X-Git-Tag: exim-4.95-RC0~10^2~1 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/559d4875e1bcdb1169b272c37f936e82b0a8b0c0 gsasl authenticator: do not try to clear server password after use, if from config text --- diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index 7f9cc3295..479d01a29 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -757,7 +757,7 @@ switch (prop) for memory wiping, so expanding strings will leave stuff laying around. But no need to compound the problem, so get rid of the one we can. */ - memset(tmps, '\0', strlen(tmps)); + if (US tmps != s) memset(tmps, '\0', strlen(tmps)); cbrc = GSASL_OK; break;