summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMavridis Philippe <[email protected]>2022-06-27 11:01:28 +0300
committerMavridis Philippe <[email protected]>2022-06-27 11:07:15 +0300
commitd59c8ee79f91d41d0979bd09c5e50cc43916330c (patch)
tree6b8659e6404a55fb6588be571feaba964e7024ef
parentb2ca7feccea861a709a278cef8ebfe5b4fdc99e7 (diff)
downloadtdebase-d59c8ee79f91d41d0979bd09c5e50cc43916330c.tar.gz
tdebase-d59c8ee79f91d41d0979bd09c5e50cc43916330c.zip
FISH: Security fix backport from KDE
"Only store password in KWallet if the user asked for it" https://invent.kde.org/network/kio-extras/-/commit/d813cef3cecdec9af1532a40d677a203ff979145 Author: David Faure Licence: GPLv2 This mitigates CVE-2020-12755. Signed-off-by: Mavridis Philippe <[email protected]>
-rw-r--r--tdeioslave/fish/fish.cpp4
1 files changed, 3 insertions, 1 deletions
diff --git a/tdeioslave/fish/fish.cpp b/tdeioslave/fish/fish.cpp
index 98c11a712..e7a195c44 100644
--- a/tdeioslave/fish/fish.cpp
+++ b/tdeioslave/fish/fish.cpp
@@ -570,7 +570,9 @@ int fishProtocol::establishConnection(char *buffer, TDEIO::fileoffset_t len) {
infoMessage(i18n("Initiating protocol..."));
if (!connectionAuth.password.isEmpty()) {
connectionAuth.password = connectionAuth.password.left(connectionAuth.password.length()-1);
- cacheAuthentication(connectionAuth);
+ if (connectionAuth.keepPassword) {
+ cacheAuthentication(connectionAuth);
+ }
}
isLoggedIn = true;
return 0;