Overview

File ssmtp-password-leak.patch of Package ssmtp

--- ssmtp-2.61.redhat/ssmtp.c	2006-12-08 01:25:35.000000000 +0200
+++ ssmtp-2.61.debian/ssmtp.c	2006-12-08 01:24:25.000000000 +0200
@@ -1404,6 +1406,7 @@
 	struct passwd *pw;
 	int i, sock;
 	uid_t uid;
+	bool_t minus_v_save;
 	int timeout = 0;
 
 	outbytes = 0;
@@ -1520,7 +1523,12 @@
 #ifdef MD5AUTH
 		}
 #endif
+		/* We do NOT want the password output to STDERR
+		 * even base64 encoded.*/
+		minus_v_save = minus_v;
+		minus_v = False;
 		outbytes += smtp_write(sock, "%s", buf);
+		minus_v = minus_v_save;
 		(void)alarm((unsigned) MEDWAIT);
 
 		if(smtp_okay(sock, buf) == False) {
openSUSE Build Service is sponsored by
Places