Mercurial > pidgin

diff libpurple/protocols/jabber/auth_cyrus.c @ 30448:a5131a257967

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jabber: Fix a pernicious race condition in our cyrus auth code About sasl_getsecret_t, sasl.h reads, in part: outputs: psecret set to password structure which must persist until next call to getsecret **in same connection**, but middleware will erase password data when it's done with it. Clearly this needs to be per-JabberStream*, not a static var. Jan Kaluza noted the static var and then I noted the sasl.h docs. Fixes #11560
author Paul Aurich <paul@darkrain42.org>
date Fri, 27 Aug 2010 04:30:23 +0000
parents 1cdae196aac8
children 3f5ff1ea4802
line wrap: on
line diff
--- a/libpurple/protocols/jabber/auth_cyrus.c	Thu Aug 26 04:37:24 2010 +0000
+++ b/libpurple/protocols/jabber/auth_cyrus.c	Fri Aug 27 04:30:23 2010 +0000
@@ -94,7 +94,6 @@
 	PurpleAccount *account;
 	const char *pw;
 	size_t len;
-	static sasl_secret_t *x = NULL;
 
 	account = purple_connection_get_account(js->gc);
 	pw = purple_account_get_password(account);
@@ -104,15 +103,15 @@
 
 	len = strlen(pw);
 	/* Not an off-by-one because sasl_secret_t defines char data[1] */
-	x = (sasl_secret_t *) realloc(x, sizeof(sasl_secret_t) + len);
-
-	if (!x)
+	/* TODO: This can probably be moved to glib's allocator */
+	js->sasl_secret = malloc(sizeof(sasl_secret_t) + len);
+	if (!js->sasl_secret)
 		return SASL_NOMEM;
 
-	x->len = len;
-	strcpy((char*)x->data, pw);
+	js->sasl_secret->len = len;
+	strcpy((char*)js->sasl_secret->data, pw);
 
-	*secret = x;
+	*secret = js->sasl_secret;
 	return SASL_OK;
 }