[virt-tools-list] [PATCH virt-viewer 1/2] Auth: fix leak of username
Fabiano Fidêncio
fabiano at fidencio.org
Tue Aug 12 23:47:53 UTC 2014
On Tue, Aug 12, 2014 at 6:10 PM, Jonathon Jongsma <jjongsma at redhat.com>
wrote:
> When collect_credentials() returns a failure status, 'username' was
> potentially leaked.
> ---
> src/remote-viewer.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> Fixed leak mentioned by Christophe
>
> diff --git a/src/remote-viewer.c b/src/remote-viewer.c
> index 30f8444..1f2fa0d 100644
> --- a/src/remote-viewer.c
> +++ b/src/remote-viewer.c
> @@ -717,17 +717,16 @@ authenticate_cb(RestProxy *proxy, G_GNUC_UNUSED
> RestProxyAuth *auth,
> "oVirt",
> NULL,
> &username, &password);
> - if (ret < 0) {
> - return FALSE;
> - } else {
> + if (ret == 0) {
> g_object_set(G_OBJECT(proxy),
> "username", username,
> "password", password,
> NULL);
> - g_free(username);
> - g_free(password);
> - return TRUE;
> }
> +
> + g_free(username);
> + g_free(password);
> + return (ret == 0);
> }
>
>
> --
> 1.9.3
>
> _______________________________________________
> virt-tools-list mailing list
> virt-tools-list at redhat.com
> https://www.redhat.com/mailman/listinfo/virt-tools-list
>
ACK!
--
Fabiano Fidêncio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/virt-tools-list/attachments/20140813/91ff6883/attachment.htm>
More information about the virt-tools-list
mailing list