Yikes! Forgot to zero the password after SSH2 PW authentication.

git-svn-id: svn://svn.tartarus.org/sgt/putty@2512 cda61777-01e9-0310-a592-d414129be87e

diff --git a/ssh.c b/ssh.c
index 24617b1..eac3112 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -4942,6 +4942,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
                ssh2_pkt_addstring(ssh, "password");
                ssh2_pkt_addbool(ssh, FALSE);
                ssh2_pkt_addstring(ssh, s->password);
+               memset(s->password, 0, sizeof(s->password));
                ssh2_pkt_defer(ssh);
                /*
                 * We'll include a string that's an exact multiple of the