[seahorse/wip/dueno/interaction] common: Fix use-after-free in password interaction

From: Daiki Ueno <dueno src gnome org>
To: commits-list gnome org
Cc:
Subject: [seahorse/wip/dueno/interaction] common: Fix use-after-free in password interaction
Date: Fri, 20 Sep 2019 10:09:37 +0000 (UTC)

commit 0c227636d6f714b9a652418f14b16fbb042effe2
Author: Daiki Ueno <dueno src gnome org>
Date:   Fri Sep 20 11:48:45 2019 +0200

    common: Fix use-after-free in password interaction
    
    The ask_password method of Seahorse.Interaction tries to access the
    "text" property of the dialog after it is destroyed, that results in
    returning a garbage as a password.

 common/interaction.vala | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/common/interaction.vala b/common/interaction.vala
index 36986d82..1e5f0f3e 100644
--- a/common/interaction.vala
+++ b/common/interaction.vala
@@ -46,14 +46,16 @@ public class Seahorse.Interaction : GLib.TlsInteraction {
             dialog.transient_for = this.parent;
 
         int response = dialog.run();
+
+        if (response == Gtk.ResponseType.ACCEPT)
+            password.set_value_full((uint8[])gcr_secure_memory_strdup(dialog.get_text()),
+                                    gcr_secure_memory_free);
+
         dialog.destroy();
 
         if (response != Gtk.ResponseType.ACCEPT)
             throw new GLib.IOError.CANCELLED("The password request was cancelled by the user");
 
-        password.set_value_full((uint8[])gcr_secure_memory_strdup(dialog.get_text()),
-                                gcr_secure_memory_free);
-
         return TlsInteractionResult.HANDLED;
     }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]