From be89217c1b550d85eed16c3c438e75c6850d29fd Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Tue, 3 Oct 2023 01:28:44 +0200
Subject: [PATCH] lib-smtp: smtp-server-cmd-auth - Clear potentially secret
 authentication data asap

---
 src/lib-smtp/smtp-server-cmd-auth.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/lib-smtp/smtp-server-cmd-auth.c b/src/lib-smtp/smtp-server-cmd-auth.c
index 8de6df728d..f33c2a16b9 100644
--- a/src/lib-smtp/smtp-server-cmd-auth.c
+++ b/src/lib-smtp/smtp-server-cmd-auth.c
@@ -73,6 +73,9 @@ static void cmd_auth_input(struct smtp_server_cmd_ctx *cmd)
 	ret = smtp_command_parse_auth_response(
 		conn->smtp_parser, &auth_response, &error_code, &error);
 	if (ret <= 0) {
+		if (ret < 0)
+			smtp_command_parser_clear(conn->smtp_parser);
+
 		/* check for disconnect */
 		if (conn->conn.input->eof) {
 			smtp_server_connection_close(&conn,
@@ -116,6 +119,7 @@ static void cmd_auth_input(struct smtp_server_cmd_ctx *cmd)
 		 callbacks->conn_cmd_auth_continue != NULL);
 	ret = callbacks->conn_cmd_auth_continue(conn->context, cmd,
 						auth_response);
+	smtp_command_parser_clear(conn->smtp_parser);
 	if (ret <= 0) {
 		/* command is waiting for external event or it failed */
 		i_assert(ret == 0 || smtp_server_command_is_replied(command));
-- 
2.47.3