rpms / virt-viewer

Clone
Source Code
GIT

Files

  1.   4ab1942072efbd3ad3253c9a771fa48e83248fec
  2.   SOURCES
  3.   0043-Auth-fix-leak-of-username.patch
Blob Blame History Raw 
From 7e2d056bd8db3068d1660ad934feae4f3787fc9f Mon Sep 17 00:00:00 2001
From: Jonathon Jongsma <jjongsma@redhat.com>
Date: Tue, 12 Aug 2014 11:01:46 -0500
Subject: [PATCH] Auth: fix leak of username

When collect_credentials() returns a failure status, 'username' was
potentially leaked.

Resolves: rhbz#1061826
(cherry picked from commit b7c80494606c0dbfbae305411ad0080a5ef9282c)
---
 src/remote-viewer.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/remote-viewer.c b/src/remote-viewer.c
index d9d7baf..2d398c8 100644
--- a/src/remote-viewer.c
+++ b/src/remote-viewer.c
@@ -704,17 +704,16 @@ authenticate_cb(RestProxy *proxy, G_GNUC_UNUSED RestProxyAuth *auth,
                                                    "oVirt",
                                                    NULL,
                                                    &username, &password);
-    if (ret < 0) {
-        return FALSE;
-    } else {
+    if (ret == 0) {
         g_object_set(G_OBJECT(proxy),
                      "username", username,
                      "password", password,
                      NULL);
-        g_free(username);
-        g_free(password);
-        return TRUE;
     }
+
+    g_free(username);
+    g_free(password);
+    return (ret == 0);
 }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation