From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Mon, 2 Oct 2023 23:28:44 +0000 (+0200)
Subject: lib-smtp: smtp-server-cmd-auth - Clear potentially secret authentication data asap
X-Git-Tag: 2.4.0~2499
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be89217c1b550d85eed16c3c438e75c6850d29fd;p=thirdparty%2Fdovecot%2Fcore.git

lib-smtp: smtp-server-cmd-auth - Clear potentially secret authentication data asap
---

diff --git a/src/lib-smtp/smtp-server-cmd-auth.c b/src/lib-smtp/smtp-server-cmd-auth.c
index 8de6df728d..f33c2a16b9 100644
--- a/src/lib-smtp/smtp-server-cmd-auth.c
+++ b/src/lib-smtp/smtp-server-cmd-auth.c
@@ -73,6 +73,9 @@ static void cmd_auth_input(struct smtp_server_cmd_ctx *cmd)
 	ret = smtp_command_parse_auth_response(
 		conn->smtp_parser, &auth_response, &error_code, &error);
 	if (ret <= 0) {
+		if (ret < 0)
+			smtp_command_parser_clear(conn->smtp_parser);
+
 		/* check for disconnect */
 		if (conn->conn.input->eof) {
 			smtp_server_connection_close(&conn,
@@ -116,6 +119,7 @@ static void cmd_auth_input(struct smtp_server_cmd_ctx *cmd)
 		 callbacks->conn_cmd_auth_continue != NULL);
 	ret = callbacks->conn_cmd_auth_continue(conn->context, cmd,
 						auth_response);
+	smtp_command_parser_clear(conn->smtp_parser);
 	if (ret <= 0) {
 		/* command is waiting for external event or it failed */
 		i_assert(ret == 0 || smtp_server_command_is_replied(command));