46 lines
1.6 KiB
Diff
46 lines
1.6 KiB
Diff
From: Matthew Ogilvie <mmogilvi+fml@zoho.com>
|
|
Date: Fri, 9 Jun 2017 19:31:17 -0600
|
|
Subject: give each ctl it's own copy of password
|
|
Git-repo: https://gitlab.com/fetchmail/fetchmail.git
|
|
Git-commit: 469b0a212e7f047ab16ef46a9158df5fb373e8c2
|
|
|
|
pwdb_* and passwordfile options may free and re-allocate password
|
|
for each poll operation. Giving each context it's own copy of
|
|
the password should prevent accessing freed memory in another copy.
|
|
|
|
I haven't tested pwmd, but these seem like obvious fixes.
|
|
---
|
|
fetchmail.c | 12 ++++++++++--
|
|
1 file changed, 10 insertions(+), 2 deletions(-)
|
|
|
|
Index: fetchmail-6.5.1/fetchmail.c
|
|
===================================================================
|
|
--- fetchmail-6.5.1.orig/fetchmail.c
|
|
+++ fetchmail-6.5.1/fetchmail.c
|
|
@@ -470,7 +470,7 @@ int main(int argc, char **argv)
|
|
if (NO_PASSWORD(ctl))
|
|
/* Server won't care what the password is, but there
|
|
must be some non-null string here. */
|
|
- ctl->password = ctl->remotename;
|
|
+ ctl->password = xstrdup(ctl->remotename);
|
|
else if (!ctl->passwordfile && ctl->passwordfd==-1)
|
|
{
|
|
const netrc_entry *p;
|
|
@@ -1118,7 +1118,15 @@ static void optmerge(struct query *h2, s
|
|
|
|
FLAG_MERGE(wildcard);
|
|
STRING_MERGE(remotename);
|
|
- STRING_MERGE(password);
|
|
+ if (force ? !!h1->password : !h2->password) {
|
|
+ if (h2->password) {
|
|
+ memset(h2->password, 0x55, strlen(h2->password));
|
|
+ xfree(h2->password);
|
|
+ }
|
|
+ if (h1->password) {
|
|
+ h2->password = xstrdup(h1->password);
|
|
+ }
|
|
+ }
|
|
FLAG_MERGE(passwordfile);
|
|
if (force ? h1->passwordfd!=-1 : h2->passwordfd==-1) {
|
|
h2->passwordfd = h1->passwordfd;
|