1 files changed, 9 insertions, 5 deletions

diff --git a/src/auth.c b/src/auth.c
index 80a6583..4198302 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -59,7 +59,6 @@ static char *hash_pass_hex(const char *pass, const char *salt)
     for(unsigned int i = 0; i < hash_len; ++i, ptr += 2)
         snprintf(ptr, 3, "%02x", hash[i]);
     hex[hash_len * 2] = '\0';
-    sig_debugf("hash is %s\n", hex);
 
     gcry_free(hash);
 
@@ -199,19 +198,24 @@ struct userdata_t *auth_check(const char *name2, const char *pass2)
         sig_debugf("auth module: user %s found\n", name2);
         char *new_hash_hex = hash_pass_hex(pass, salt);
 
-        memset(pass, 0, strlen(pass));
-        free(pass);
-
         /* hashes are in HEX to avoid the Trucha bug */
         bool success = !memcmp(new_hash_hex, hash, strlen(hash));
 
         free(new_hash_hex);
 
         if(success)
+        {
+            memset(pass, 0, strlen(pass));
+            free(pass);
+
             return data;
+        }
     }
 
-    sig_debugf("auth failure: username not found\n");
+    sig_debugf("auth failure for user %s\n", name2);
+
+    memset(pass, 0, strlen(pass));
+    free(pass);
 
     /* failure */
     sleep(2);