From c2dbcb18f260d7bc7ed5a89e482cfb7649792b3e Mon Sep 17 00:00:00 2001 From: Jeffrey Stedfast Date: Sat, 20 Apr 2002 02:25:01 +0000 Subject: Don't leak the base64 encoded password buffer. 2002-04-19 Jeffrey Stedfast * e-passwords.c (e_passwords_get_password): Don't leak the base64 encoded password buffer. svn path=/trunk/; revision=16551 --- e-util/ChangeLog | 5 +++++ e-util/e-passwords.c | 25 ++++++++++++++----------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/e-util/ChangeLog b/e-util/ChangeLog index bdc2568c69..4b76ec6458 100644 --- a/e-util/ChangeLog +++ b/e-util/ChangeLog @@ -1,3 +1,8 @@ +2002-04-19 Jeffrey Stedfast + + * e-passwords.c (e_passwords_get_password): Don't leak the base64 + encoded password buffer. + 2002-04-16 Jeffrey Stedfast * e-host-utils.c (e_gethostbyaddr_r): New wrapper around diff --git a/e-util/e-passwords.c b/e-util/e-passwords.c index 996d6cc592..7d5f25a545 100644 --- a/e-util/e-passwords.c +++ b/e-util/e-passwords.c @@ -246,29 +246,32 @@ e_passwords_forget_password (const char *key) char * e_passwords_get_password (const char *key) { - char *passwd = g_hash_table_lookup (passwords, key); - char *path; + char *path, *passwd = g_hash_table_lookup (passwords, key); CORBA_Environment ev; - + char *encoded; + if (passwd) return g_strdup (passwd); - + /* not part of the session hash, look it up in the on disk db */ path = password_path (key); - + /* We need to pass an ev to bonobo-conf, or it will emit a * g_warning if the data isn't found. */ CORBA_exception_init (&ev); - passwd = bonobo_config_get_string (db, path, &ev); + encoded = bonobo_config_get_string (db, path, &ev); CORBA_exception_free (&ev); - + g_free (path); - - if (passwd) - return decode_base64 (passwd); - else + + if (!encoded) return NULL; + + passwd = decode_base64 (encoded); + g_free (encoded); + + return passwd; } /** -- cgit v1.2.3