-rw-r--r-- | util/ChangeLog | 6 | ||||
-rw-r--r-- | util/ttyio.c | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/util/ChangeLog b/util/ChangeLog
index a87b5d799..a20716d10 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,9 @@
+2007-01-31 David Shaw <[email protected]>
+
+ * ttyio.c (do_get): Assume that anything read from the user
+ without echoing to the screen is sensitive and put it in secure
+ memory. Suggested by Benjamin Bennett.
+
 2006-12-14 Werner Koch <[email protected]>
 * http.c (http_wait_response): No more shutdown. Fixes bug#739.
diff --git a/util/ttyio.c b/util/ttyio.c
index 97b160ef2..f763e6605 100644
--- a/util/ttyio.c
+++ b/util/ttyio.c
@@ -405,7 +405,8 @@ do_get( const char *prompt, int hidden )
 init_ttyfp();
 last_prompt_len = 0;
- buf = xmalloc(n=50);
+ n = 50;
+ buf = hidden ? xmalloc_secure(n) : xmalloc(n);
 i = 0;
 #ifdef _WIN32 /* windoze version */ |
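Review bot: The new `buf = hidden ? xmalloc_secure(n) : xmalloc(n);` only covers the initial 50-byte allocation. do_get's read loop and any resize of `buf` lie outside this hunk, so whether longer hidden input stays in secure memory depends on that resize path being secure-memory aware and not leaving an unwiped copy behind. If the allocator guarantees this, a comment at the allocation should say so, e.g. `/* hidden input is sensitive: buf must stay in secure memory, including when it is grown below */`. The function's header comment should also state that the returned string may live in secure memory, so callers release it with the project's free routine and avoid copying it into ordinary heap buffers.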