diff options
-rw-r--r-- | e-util/ChangeLog | 5 | ||||
-rw-r--r-- | e-util/e-passwords.c | 25 |
2 files changed, 19 insertions, 11 deletions
diff --git a/e-util/ChangeLog b/e-util/ChangeLog index bdc2568c69..4b76ec6458 100644 --- a/e-util/ChangeLog +++ b/e-util/ChangeLog @@ -1,3 +1,8 @@ +2002-04-19 Jeffrey Stedfast <fejj@ximian.com> + + * e-passwords.c (e_passwords_get_password): Don't leak the base64 + encoded password buffer. + 2002-04-16 Jeffrey Stedfast <fejj@ximian.com> * e-host-utils.c (e_gethostbyaddr_r): New wrapper around diff --git a/e-util/e-passwords.c b/e-util/e-passwords.c index 996d6cc592..7d5f25a545 100644 --- a/e-util/e-passwords.c +++ b/e-util/e-passwords.c @@ -246,29 +246,32 @@ e_passwords_forget_password (const char *key) char * e_passwords_get_password (const char *key) { - char *passwd = g_hash_table_lookup (passwords, key); - char *path; + char *path, *passwd = g_hash_table_lookup (passwords, key); CORBA_Environment ev; - + char *encoded; + if (passwd) return g_strdup (passwd); - + /* not part of the session hash, look it up in the on disk db */ path = password_path (key); - + /* We need to pass an ev to bonobo-conf, or it will emit a * g_warning if the data isn't found. */ CORBA_exception_init (&ev); - passwd = bonobo_config_get_string (db, path, &ev); + encoded = bonobo_config_get_string (db, path, &ev); CORBA_exception_free (&ev); - + g_free (path); - - if (passwd) - return decode_base64 (passwd); - else + + if (!encoded) return NULL; + + passwd = decode_base64 (encoded); + g_free (encoded); + + return passwd; } /** |