burn the buffer a bit earlier

--HG-- extra : convert_revision : 1f069f6a8a2ecee6f2e22b51751b73982606accb
2025-01-31 10:57:01 +00:00 · 2004-08-08 16:44:11 +00:00 · 2004-08-08 16:44:11 +00:00 · 2a2fdc168c
commit 2a2fdc168c
parent 418f3b4042
1 changed files with 2 additions and 2 deletions
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@ -87,6 +87,8 @@ void svr_auth_password() {

 	/* the first bytes of passwdcrypt are the salt */
 	testcrypt = crypt((char*)password, passwdcrypt);
+	m_burn(password, passwordlen);
+	m_free(password);

 	if (strcmp(testcrypt, passwdcrypt) == 0) {
 		/* successful authentication */
@ -101,8 +103,6 @@ void svr_auth_password() {
 		send_msg_userauth_failure(0, 1);
 	}

-	m_burn(password, passwordlen);
-	m_free(password);
 }

 #endif /* DROPBEAR_PASSWORD_AUTH */