[Commits] [SCM] claws branch, master, updated. 3.15.0-81-g5d78499

[ticho at claws-mail.org]

The branch, master has been updated
       via  5d78499d1dd99680047cc12f09980f50f41a93e5 (commit)
      from  8c3760e3461510a1889195d2d027ebd4db6ca5bd (commit)

Summary of changes:
 src/password.c |   10 ++++++++++
 1 file changed, 10 insertions(+)


- Log -----------------------------------------------------------------
commit 5d78499d1dd99680047cc12f09980f50f41a93e5
Author: Andrej Kacian <ticho at claws-mail.org>
Date:   Sun Jul 9 23:49:03 2017 +0200

    Fixed a memory leak in GnuTLS password decryption.

diff --git a/src/password.c b/src/password.c
index 08da488..6ff90e0 100644
--- a/src/password.c
+++ b/src/password.c
@@ -471,6 +471,14 @@ gchar *password_decrypt_gnutls(const gchar *password,
 	/* Prepare encrypted password string for decryption. */
 	tmp = g_base64_decode(tokens[2], &len);
 	g_strfreev(tokens);
+	if (tmp == NULL || len == 0) {
+		debug_print("Failed base64-decoding of stored password string\n");
+		g_free(key.data);
+		g_free(iv.data);
+		if (tmp != NULL)
+			g_free(tmp);
+		return NULL;
+	}
 
 	/* Initialize the decryption */
 	ret = gnutls_cipher_init(&handle, algo, &key, &iv);
@@ -478,6 +486,7 @@ gchar *password_decrypt_gnutls(const gchar *password,
 		debug_print("Cipher init failed: %s\n", gnutls_strerror(ret));
 		g_free(key.data);
 		g_free(iv.data);
+		g_free(tmp);
 		return NULL;
 	}
 
@@ -485,6 +494,7 @@ gchar *password_decrypt_gnutls(const gchar *password,
 	memset(buf, 0, len + blocklen);
 	ret = gnutls_cipher_decrypt2(handle, tmp, len,
 			buf, len + blocklen);
+	g_free(tmp);
 	if (ret < 0) {
 		debug_print("Decryption failed: %s\n", gnutls_strerror(ret));
 		g_free(key.data);

-----------------------------------------------------------------------


hooks/post-receive
-- 
Claws Mail