From 5cd14df84aba026ab5d5a6e71c4c1ca923e1616c Mon Sep 17 00:00:00 2001
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Wed, 4 Sep 1996 14:41:30 +0000
Subject: clear passwd, for safety

---
 libexec/ftpd/ftpcmd.y | 1 +
 libexec/ftpd/ftpd.c   | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index f26db5b6f84..276fb93eff3 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -152,6 +152,7 @@ cmd
 	| PASS SP password CRLF
 		{
 			pass($3);
+			memset($3, 0, strlen($3));
 			free($3);
 		}
 	| PORT SP host_port CRLF
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 6ca18fdaf23..e659f7fa1bd 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ftpd.c,v 1.17 1996/08/27 10:08:37 deraadt Exp $	*/
+/*	$OpenBSD: ftpd.c,v 1.18 1996/09/04 14:41:29 deraadt Exp $	*/
 /*	$NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $	*/
 
 /*
@@ -1555,7 +1555,7 @@ yyerror(s)
 
 	if (cp = strchr(cbuf,'\n'))
 		*cp = '\0';
-	reply(500, "'%s': command not understood.", cbuf);
+	reply(500, "'%s': command not understood: %s.", cbuf, s);
 }
 
 void
-- 
cgit v1.2.3