Mercurial > pidgin.yaz
diff libpurple/protocols/jabber/jabber.c @ 30881:a5131a257967
jabber: Fix a pernicious race condition in our cyrus auth code
About sasl_getsecret_t, sasl.h reads, in part:
outputs:
psecret set to password structure which must persist until
next call to getsecret **in same connection**, but middleware
will erase password data when it's done with it.
Clearly this needs to be per-JabberStream*, not a static var.
Jan Kaluza noted the static var and then I noted the sasl.h docs.
Fixes #11560
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Fri, 27 Aug 2010 04:30:23 +0000 |
parents | 6ee64d62c43c |
children | 8084631e2e84 |
line wrap: on
line diff
--- a/libpurple/protocols/jabber/jabber.c Thu Aug 26 04:37:24 2010 +0000 +++ b/libpurple/protocols/jabber/jabber.c Fri Aug 27 04:30:23 2010 +0000 @@ -1631,6 +1631,8 @@ if(js->sasl_mechs) g_string_free(js->sasl_mechs, TRUE); g_free(js->sasl_cb); + /* Note: _not_ g_free. See auth_cyrus.c:jabber_sasl_cb_secret */ + free(js->sasl_secret); #endif g_free(js->serverFQDN); while(js->commands) {