Mercurial > pidgin.yaz
diff libpurple/protocols/jabber/auth_cyrus.c @ 30881:a5131a257967
jabber: Fix a pernicious race condition in our cyrus auth code
About sasl_getsecret_t, sasl.h reads, in part:
outputs:
psecret set to password structure which must persist until
next call to getsecret **in same connection**, but middleware
will erase password data when it's done with it.
Clearly this needs to be per-JabberStream*, not a static var.
Jan Kaluza noted the static var and then I noted the sasl.h docs.
Fixes #11560
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Fri, 27 Aug 2010 04:30:23 +0000 |
parents | 1cdae196aac8 |
children | 3f5ff1ea4802 |
line wrap: on
line diff
--- a/libpurple/protocols/jabber/auth_cyrus.c Thu Aug 26 04:37:24 2010 +0000 +++ b/libpurple/protocols/jabber/auth_cyrus.c Fri Aug 27 04:30:23 2010 +0000 @@ -94,7 +94,6 @@ PurpleAccount *account; const char *pw; size_t len; - static sasl_secret_t *x = NULL; account = purple_connection_get_account(js->gc); pw = purple_account_get_password(account); @@ -104,15 +103,15 @@ len = strlen(pw); /* Not an off-by-one because sasl_secret_t defines char data[1] */ - x = (sasl_secret_t *) realloc(x, sizeof(sasl_secret_t) + len); - - if (!x) + /* TODO: This can probably be moved to glib's allocator */ + js->sasl_secret = malloc(sizeof(sasl_secret_t) + len); + if (!js->sasl_secret) return SASL_NOMEM; - x->len = len; - strcpy((char*)x->data, pw); + js->sasl_secret->len = len; + strcpy((char*)js->sasl_secret->data, pw); - *secret = x; + *secret = js->sasl_secret; return SASL_OK; }