[seahorse/wip/dueno/interaction: 10/10] common: Fix use-after-free in password interaction



commit 30c2ede0671e062e8ec31a78f71cb0cce9716098
Author: Daiki Ueno <dueno src gnome org>
Date:   Fri Sep 20 11:48:45 2019 +0200

    common: Fix use-after-free in password interaction
    
    The ask_password method of Seahorse.Interaction tries to access the
    "text" property of the dialog after it is destroyed, which results in
    garbage being returned as the password.

 common/interaction.vala | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
---
diff --git a/common/interaction.vala b/common/interaction.vala
index 36986d82..34ec5ed9 100644
--- a/common/interaction.vala
+++ b/common/interaction.vala
@@ -46,13 +46,15 @@ public class Seahorse.Interaction : GLib.TlsInteraction {
             dialog.transient_for = this.parent;
 
         int response = dialog.run();
+
+        if (response == Gtk.ResponseType.ACCEPT)
+                       password.set_value_full((uint8[])gcr_secure_memory_strdup(dialog.get_text()),
+                                                                       gcr_secure_memory_free);
+
         dialog.destroy();
 
         if (response != Gtk.ResponseType.ACCEPT)
-            throw new GLib.IOError.CANCELLED("The password request was cancelled by the user");
-
-        password.set_value_full((uint8[])gcr_secure_memory_strdup(dialog.get_text()),
-                                gcr_secure_memory_free);
+                       throw new GLib.IOError.CANCELLED("The password request was cancelled by the user");
 
         return TlsInteractionResult.HANDLED;
     }
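Review bot: Nothing in the new code records why the `password.set_value_full(...)` call has to sit above `dialog.destroy()`, and the response is now tested twice with opposite polarity on either side of the destroy call. A later clean-up that merges the two `if`s back together could reintroduce the read from a destroyed dialog. I would add a comment above the first `if`, for example `// Copy the entry text into secure memory before destroy(); the dialog must not be read afterwards.` The added lines also appear to be indented differently from the surrounding four-space context (probably tabs), which is worth normalising. The body of ask_password starts outside this hunk, so anything before `dialog.transient_for` is not covered here.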

