Changeset 3183c21 for storage_xml.c


Ignore:
Timestamp:
2008-09-06T22:59:32Z (12 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
15d1469
Parents:
0a4f6f4
Message:

Completely reviewed all uses of irc->password, irc_setpass() and
USTATUS_IDENTIFIED after another account overwriting vulnerability was
found by Tero Marttila.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • storage_xml.c

    r0a4f6f4 r3183c21  
    259259}
    260260
    261 static storage_status_t xml_load_real( const char *my_nick, const char *password, irc_t *irc, xml_pass_st action )
     261static storage_status_t xml_load_real( irc_t *irc, const char *my_nick, const char *password, xml_pass_st action )
    262262{
    263263        GMarkupParseContext *ctx;
     
    266266        GError *gerr = NULL;
    267267        int fd, st;
    268        
    269         if( irc && irc->status & USTATUS_IDENTIFIED )
    270                 return( 1 );
    271268       
    272269        xd = g_new0( struct xml_parsedata, 1 );
     
    321318                return STORAGE_OK;
    322319       
    323         irc->status |= USTATUS_IDENTIFIED;
    324        
    325320        return STORAGE_OK;
    326321}
    327322
    328 static storage_status_t xml_load( const char *my_nick, const char *password, irc_t *irc )
    329 {
    330         return xml_load_real( my_nick, password, irc, XML_PASS_UNKNOWN );
     323static storage_status_t xml_load( irc_t *irc, const char *password )
     324{
     325        return xml_load_real( irc, irc->nick, password, XML_PASS_UNKNOWN );
    331326}
    332327
     
    335330        /* This is a little bit risky because we have to pass NULL for the
    336331           irc_t argument. This *should* be fine, if I didn't miss anything... */
    337         return xml_load_real( my_nick, password, NULL, XML_PASS_CHECK_ONLY );
     332        return xml_load_real( NULL, my_nick, password, XML_PASS_CHECK_ONLY );
    338333}
    339334
     
    370365        md5_byte_t pass_md5[21];
    371366        md5_state_t md5_state;
    372        
    373         if( irc->password == NULL )
    374         {
    375                 irc_usermsg( irc, "Please register yourself if you want to save your settings." );
    376                 return STORAGE_OTHER_ERROR;
    377         }
    378367       
    379368        path2 = g_strdup( irc->nick );
Note: See TracChangeset for help on using the changeset viewer.