diff --git a/rdesktop.c b/rdesktop.c index b3878fb..9ebced8 100644 --- a/rdesktop.c +++ b/rdesktop.c @@ -3,7 +3,7 @@ Entrypoint and utility functions Copyright (C) Matthew Chapman 1999-2008 Copyright 2002-2011 Peter Astrand for Cendio AB - Copyright 2010-2013 Henrik Andersson for Cendio AB + Copyright 2010-2014 Henrik Andersson for Cendio AB This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -61,6 +61,7 @@ uint8 g_static_rdesktop_salt_16[16] = { char g_title[64] = ""; char *g_username; +char g_password[64] = ""; char g_hostname[16] = ""; char g_keymapname[PATH_MAX] = ""; unsigned int g_keylayout = 0x409; /* Defaults to US keyboard layout */ @@ -521,7 +522,6 @@ main(int argc, char *argv[]) char server[256]; char fullhostname[64]; char domain[256]; - char password[64]; char shell[256]; char directory[256]; RD_BOOL prompt_password, deactivated; @@ -556,7 +556,7 @@ main(int argc, char *argv[]) flags = RDP_LOGON_NORMAL; prompt_password = False; - g_seamless_spawn_cmd[0] = domain[0] = password[0] = shell[0] = directory[0] = 0; + g_seamless_spawn_cmd[0] = domain[0] = g_password[0] = shell[0] = directory[0] = 0; g_embed_wnd = 0; g_num_devices = 0; @@ -623,7 +623,7 @@ main(int argc, char *argv[]) break; } - STRNCPY(password, optarg, sizeof(password)); + STRNCPY(g_password, optarg, sizeof(g_password)); flags |= RDP_LOGON_AUTO; /* try to overwrite argument so it won't appear in ps */ @@ -1058,7 +1058,7 @@ main(int argc, char *argv[]) xfree(locale); - if (prompt_password && read_password(password, sizeof(password))) + if (prompt_password && read_password(g_password, sizeof(g_password))) flags |= RDP_LOGON_AUTO; if (g_title[0] == 0) @@ -1068,7 +1068,7 @@ main(int argc, char *argv[]) } #ifdef RDP2VNC - rdp2vnc_connect(server, flags, domain, password, shell, directory); + rdp2vnc_connect(server, flags, domain, g_password, shell, directory); return EX_OK; #else 
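Review bot: Moving the password from a local in `main` to the file-scope `g_password` (hunk `@@ -61,6 +61,7 @@`) leaves the cleartext resident until something wipes it, and the only wipe this patch adds is in the `RDP_PDU_DATA` case of `rdp_loop` in rdp.c. As far as the visible lines show, paths that never receive a data PDU are not covered: the failed `rdp_connect` branch in the `@@ -1131` hunk and the RDP2VNC `return EX_OK;` in the `@@ -1068` hunk both return with the buffer still populated, where it can end up in a core dump or swap. Consider also wiping before each return from `main` that follows a connection attempt, e.g. `memset(g_password, 0, sizeof(g_password));`. A comment on the declaration such as `/* cleartext; zeroed in rdp_loop() on the first data PDU */` would document who owns the wipe.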
@@ -1131,7 +1131,7 @@ main(int argc, char *argv[]) ui_init_connection(); if (!rdp_connect - (server, flags, domain, password, shell, directory, g_reconnect_loop)) + (server, flags, domain, g_password, shell, directory, g_reconnect_loop)) { g_network_error = False; @@ -1157,9 +1157,7 @@ main(int argc, char *argv[]) if (!g_packet_encryption) g_encryption_initial = g_encryption = False; - DEBUG(("Connection successful.\n")); - memset(password, 0, sizeof(password)); rd_create_ui(); tcp_run_ui(True); diff --git a/rdp.c b/rdp.c index 00b0340..2aee7f8 100644 --- a/rdp.c +++ b/rdp.c @@ -3,7 +3,7 @@ Protocol services - RDP layer Copyright (C) Matthew Chapman 1999-2008 Copyright 2003-2011 Peter Astrand for Cendio AB - Copyright 2011-2013 Henrik Andersson for Cendio AB + Copyright 2011-2014 Henrik Andersson for Cendio AB This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -39,6 +39,7 @@ extern uint16 g_mcs_userid; extern char *g_username; +extern char g_password[64]; extern char g_codepage[16]; extern RD_BOOL g_bitmap_compression; extern RD_BOOL g_orders; @@ -1711,6 +1712,11 @@ rdp_loop(RD_BOOL * deactivated, uint32 * ext_disc_reason) return process_redirect_pdu(s, True); break; case RDP_PDU_DATA: + /* If we got a data PDU, we don't need to keep the password in memory + anymore and therefor we should clear it for security reasons. */ + if (g_password[0] != '\0') + memset(g_password, 0, sizeof(g_password)); + process_data_pdu(s, ext_disc_reason); break; case 0:
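Review bot: The `extern char g_password[64];` declaration added to rdp.c repeats the array bound from rdesktop.c, and the `sizeof(g_password)` used by the wipe in `rdp_loop` is computed from this copy, not from the definition. If the buffer in rdesktop.c is resized without touching this line, the wipe either leaves trailing bytes of the password in place or writes past the object. Taking the bound from one shared constant, used by both the definition and this declaration, removes that drift. The neighbouring `extern char g_codepage[16];` follows the same pattern, but here the size feeds a `memset` over secret data.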
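Review bot: The wipe added to the `RDP_PDU_DATA` case is a plain `memset`, which a compiler may drop if it can prove the buffer is not read afterwards. That is unlikely for an external global, but link-time optimisation can change it, so a wipe that cannot be elided is the safer choice: `explicit_bzero(g_password, sizeof(g_password));` where the platform provides it, with a volatile-pointer loop as the portable fallback. Please also confirm the reconnect behaviour. `main` passes `g_password` to `rdp_connect` together with `g_reconnect_loop`, so from what is visible any reconnect after the first data PDU is attempted with an empty password. `rdp_loop` begins and ends outside this hunk.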