diff options
author | Jeffrey Stedfast <fejj@ximian.com> | 2002-04-20 10:25:01 +0800 |
---|---|---|
committer | Jeffrey Stedfast <fejj@src.gnome.org> | 2002-04-20 10:25:01 +0800 |
commit | c2dbcb18f260d7bc7ed5a89e482cfb7649792b3e (patch) | |
tree | 2a93772ed44384e136ea780717e5b3b37aea8cfd /e-util | |
parent | 31c87215157fd3250414560d1d72a41d01253081 (diff) | |
download | gsoc2013-evolution-c2dbcb18f260d7bc7ed5a89e482cfb7649792b3e.tar gsoc2013-evolution-c2dbcb18f260d7bc7ed5a89e482cfb7649792b3e.tar.gz gsoc2013-evolution-c2dbcb18f260d7bc7ed5a89e482cfb7649792b3e.tar.bz2 gsoc2013-evolution-c2dbcb18f260d7bc7ed5a89e482cfb7649792b3e.tar.lz gsoc2013-evolution-c2dbcb18f260d7bc7ed5a89e482cfb7649792b3e.tar.xz gsoc2013-evolution-c2dbcb18f260d7bc7ed5a89e482cfb7649792b3e.tar.zst gsoc2013-evolution-c2dbcb18f260d7bc7ed5a89e482cfb7649792b3e.zip |
Don't leak the base64 encoded password buffer.
2002-04-19 Jeffrey Stedfast <fejj@ximian.com>
* e-passwords.c (e_passwords_get_password): Don't leak the base64
encoded password buffer.
svn path=/trunk/; revision=16551
Diffstat (limited to 'e-util')
-rw-r--r-- | e-util/ChangeLog | 5 | ||||
-rw-r--r-- | e-util/e-passwords.c | 25 |
2 files changed, 19 insertions, 11 deletions
diff --git a/e-util/ChangeLog b/e-util/ChangeLog index bdc2568c69..4b76ec6458 100644 --- a/e-util/ChangeLog +++ b/e-util/ChangeLog @@ -1,3 +1,8 @@ +2002-04-19 Jeffrey Stedfast <fejj@ximian.com> + + * e-passwords.c (e_passwords_get_password): Don't leak the base64 + encoded password buffer. + 2002-04-16 Jeffrey Stedfast <fejj@ximian.com> * e-host-utils.c (e_gethostbyaddr_r): New wrapper around diff --git a/e-util/e-passwords.c b/e-util/e-passwords.c index 996d6cc592..7d5f25a545 100644 --- a/e-util/e-passwords.c +++ b/e-util/e-passwords.c @@ -246,29 +246,32 @@ e_passwords_forget_password (const char *key) char * e_passwords_get_password (const char *key) { - char *passwd = g_hash_table_lookup (passwords, key); - char *path; + char *path, *passwd = g_hash_table_lookup (passwords, key); CORBA_Environment ev; - + char *encoded; + if (passwd) return g_strdup (passwd); - + /* not part of the session hash, look it up in the on disk db */ path = password_path (key); - + /* We need to pass an ev to bonobo-conf, or it will emit a * g_warning if the data isn't found. */ CORBA_exception_init (&ev); - passwd = bonobo_config_get_string (db, path, &ev); + encoded = bonobo_config_get_string (db, path, &ev); CORBA_exception_free (&ev); - + g_free (path); - - if (passwd) - return decode_base64 (passwd); - else + + if (!encoded) return NULL; + + passwd = decode_base64 (encoded); + g_free (encoded); + + return passwd; } /** |