rpm/fetchmail
SHA256
1
0
Fork 0
forked from pool/fetchmail
Code Pull Requests Activity
factory
fetchmail/fetchmail-give-each-ctl-it-s-own-copy-of-password.patch
David Anes d3007028df Accepting request 991826 from home:mcepl:branches:server:mail 
- Update to 6.4.32:
  * Use configure to find rst2html, some systems install it only
    with .py suffix, others only without, and some install both.
  * Update README.maintainer
  * Translations updated.
- Reapplied patches
- Add 44-uncorrupt_runfetchmail.patch to clean up some contrib/
  scripts (gl#fetchmail/fetchmail#44).

OBS-URL: https://build.opensuse.org/request/show/991826
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=137
2022-08-01 07:35:53 +00:00

44 lines
1.4 KiB
Diff
Raw Permalink Blame History

From: Matthew Ogilvie <mmogilvi+fml@zoho.com>
Date: Fri, 9 Jun 2017 19:31:17 -0600
Subject: give each ctl it's own copy of password
Git-repo: https://gitlab.com/fetchmail/fetchmail.git
Git-commit: 469b0a212e7f047ab16ef46a9158df5fb373e8c2
pwdb_* and passwordfile options may free and re-allocate password
for each poll operation. Giving each context it's own copy of
the password should prevent accessing freed memory in another copy.
I haven't tested pwmd, but these seem like obvious fixes.
---
fetchmail.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -450,7 +450,7 @@ int main(int argc, char **argv)
if (NO_PASSWORD(ctl))
/* Server won't care what the password is, but there
must be some non-null string here. */
- ctl->password = ctl->remotename;
+ ctl->password = xstrdup(ctl->remotename);
else if (!ctl->passwordfile && ctl->passwordfd==-1)
{
netrc_entry *p;
@@ -1107,7 +1107,15 @@ static void optmerge(struct query *h2, s
FLAG_MERGE(wildcard);
STRING_MERGE(remotename);
- STRING_MERGE(password);
+ if (force ? !!h1->password : !h2->password) {
+ if (h2->password) {
+ memset(h2->password, 0x55, strlen(h2->password));
+ xfree(h2->password);
+ }
+ if (h1->password) {
+ h2->password = xstrdup(h1->password);
+ }
+ }
FLAG_MERGE(passwordfile);
if (force ? h1->passwordfd!=-1 : h2->passwordfd==-1) {
h2->passwordfd = h1->passwordfd;
View Git Blame Copy Permalink