From: tedu <tedu>
Date: Thu, 17 Jan 2019 05:35:35 +0000 (+0000)
Subject: clear the password even after a mismatch
X-Git-Tag: v6.6~31
X-Git-Url: https://git.armaanb.net/atreides/commit/?p=opendoas.git;a=commitdiff_plain;h=37bd6612bdffabe6d8a588b391bd353c39497abb

clear the password even after a mismatch
---

diff --git a/doas.c b/doas.c
index a327136..6223aff 100644
--- a/doas.c
+++ b/doas.c
@@ -234,6 +234,7 @@ authuser(char *myname, char *login_style, int persist)
 		errx(1, "a tty is required");
 	}
 	if (!auth_userresponse(as, response, 0)) {
+		explicit_bzero(rbuf, sizeof(rbuf));
 		syslog(LOG_AUTHPRIV | LOG_NOTICE,
 		    "failed auth for %s", myname);
 		errx(1, "Authorization failed");