aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--e-util/ChangeLog5
-rw-r--r--e-util/e-passwords.c25
2 files changed, 19 insertions, 11 deletions
diff --git a/e-util/ChangeLog b/e-util/ChangeLog
index bdc2568c69..4b76ec6458 100644
--- a/e-util/ChangeLog
+++ b/e-util/ChangeLog
@@ -1,3 +1,8 @@
+2002-04-19 Jeffrey Stedfast <fejj@ximian.com>
+
+ * e-passwords.c (e_passwords_get_password): Don't leak the base64
+ encoded password buffer.
+
2002-04-16 Jeffrey Stedfast <fejj@ximian.com>
* e-host-utils.c (e_gethostbyaddr_r): New wrapper around
diff --git a/e-util/e-passwords.c b/e-util/e-passwords.c
index 996d6cc592..7d5f25a545 100644
--- a/e-util/e-passwords.c
+++ b/e-util/e-passwords.c
@@ -246,29 +246,32 @@ e_passwords_forget_password (const char *key)
char *
e_passwords_get_password (const char *key)
{
- char *passwd = g_hash_table_lookup (passwords, key);
- char *path;
+ char *path, *passwd = g_hash_table_lookup (passwords, key);
CORBA_Environment ev;
-
+ char *encoded;
+
if (passwd)
return g_strdup (passwd);
-
+
/* not part of the session hash, look it up in the on disk db */
path = password_path (key);
-
+
/* We need to pass an ev to bonobo-conf, or it will emit a
* g_warning if the data isn't found.
*/
CORBA_exception_init (&ev);
- passwd = bonobo_config_get_string (db, path, &ev);
+ encoded = bonobo_config_get_string (db, path, &ev);
CORBA_exception_free (&ev);
-
+
g_free (path);
-
- if (passwd)
- return decode_base64 (passwd);
- else
+
+ if (!encoded)
return NULL;
+
+ passwd = decode_base64 (encoded);
+ g_free (encoded);
+
+ return passwd;
}
/**