Use clear-string instead of fillarray to clobber secret strings

* lisp/net/sasl-cram.el (sasl-cram-md5-response): * lisp/net/sasl-digest.el (sasl-digest-md5-response-value): * lisp/net/sasl.el (sasl-plain-response): `fillarray` signals an error for strings that contain multibyte chars; `clear-string` always works for this purpose.
2024-11-21 06:55:39 +00:00 · 2024-05-07 09:19:09 +02:00 · 2024-05-07 09:19:09 +02:00 · 1ac70626fa
commit 1ac70626fa
parent b08d5158c4
3 changed files with 3 additions and 3 deletions
--- a/lisp/net/sasl-cram.el
+++ b/lisp/net/sasl-cram.el
@ -42,7 +42,7 @@
 	(concat (sasl-client-name client) " "
 		(encode-hex-string
 		 (hmac-md5 (sasl-step-data step) passphrase)))
-      (fillarray passphrase 0))))
+      (clear-string passphrase))))

 (put 'sasl-cram 'sasl-mechanism
     (sasl-make-mechanism "CRAM-MD5" sasl-cram-md5-steps))
--- a/lisp/net/sasl-digest.el
+++ b/lisp/net/sasl-digest.el
@ -107,7 +107,7 @@ charset algorithm cipher-opts auth-param)."
 	     (concat "AUTHENTICATE:" digest-uri
 		     (if (member qop '("auth-int" "auth-conf"))
 			 ":00000000000000000000000000000000")))))))
-      (fillarray passphrase 0))))
+      (clear-string passphrase))))

 (defun sasl-digest-md5-response (client step)
  (let* ((plist
--- a/lisp/net/sasl.el
+++ b/lisp/net/sasl.el
@ -219,7 +219,7 @@ It contain at least 64 bits of entropy."
 		 (not (string= authenticator-name name)))
 	    (concat authenticator-name "\0" name "\0" passphrase)
 	  (concat "\0" name "\0" passphrase))
-      (fillarray passphrase 0))))
+      (clear-string passphrase))))

 (put 'sasl-plain 'sasl-mechanism
     (sasl-make-mechanism "PLAIN" sasl-plain-steps))