From d59c8ee79f91d41d0979bd09c5e50cc43916330c Mon Sep 17 00:00:00 2001 From: Mavridis Philippe Date: Mon, 27 Jun 2022 11:01:28 +0300 Subject: FISH: Security fix backport from KDE "Only store password in KWallet if the user asked for it" https://invent.kde.org/network/kio-extras/-/commit/d813cef3cecdec9af1532a40d677a203ff979145 Author: David Faure Licence: GPLv2 This mitigates CVE-2020-12755. Signed-off-by: Mavridis Philippe --- tdeioslave/fish/fish.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'tdeioslave') diff --git a/tdeioslave/fish/fish.cpp b/tdeioslave/fish/fish.cpp index 98c11a712..e7a195c44 100644 --- a/tdeioslave/fish/fish.cpp +++ b/tdeioslave/fish/fish.cpp @@ -570,7 +570,9 @@ int fishProtocol::establishConnection(char *buffer, TDEIO::fileoffset_t len) { infoMessage(i18n("Initiating protocol...")); if (!connectionAuth.password.isEmpty()) { connectionAuth.password = connectionAuth.password.left(connectionAuth.password.length()-1); - cacheAuthentication(connectionAuth); + if (connectionAuth.keepPassword) { + cacheAuthentication(connectionAuth); + } } isLoggedIn = true; return 0; -- cgit v1.2.1