Mercurial > pidgin.yaz

diff libpurple/protocols/jabber/jabber.c @ 30881:a5131a257967

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jabber: Fix a pernicious race condition in our cyrus auth code About sasl_getsecret_t, sasl.h reads, in part: outputs: psecret set to password structure which must persist until next call to getsecret **in same connection**, but middleware will erase password data when it's done with it. Clearly this needs to be per-JabberStream*, not a static var. Jan Kaluza noted the static var and then I noted the sasl.h docs. Fixes #11560
author Paul Aurich <paul@darkrain42.org>
date Fri, 27 Aug 2010 04:30:23 +0000
parents 6ee64d62c43c
children 8084631e2e84
line wrap: on
line diff
--- a/libpurple/protocols/jabber/jabber.c	Thu Aug 26 04:37:24 2010 +0000
+++ b/libpurple/protocols/jabber/jabber.c	Fri Aug 27 04:30:23 2010 +0000
@@ -1631,6 +1631,8 @@
 	if(js->sasl_mechs)
 		g_string_free(js->sasl_mechs, TRUE);
 	g_free(js->sasl_cb);
+	/* Note: _not_ g_free.  See auth_cyrus.c:jabber_sasl_cb_secret */
+	free(js->sasl_secret);
 #endif
 	g_free(js->serverFQDN);
 	while(js->commands) {