diff options
author | Mavridis Philippe <mavridisf@gmail.com> | 2022-06-27 11:01:28 +0300 |
---|---|---|
committer | Mavridis Philippe <mavridisf@gmail.com> | 2022-06-27 17:38:37 +0300 |
commit | 0b10dbcfa957bc9c32666cfcb0031c955f721f3e (patch) | |
tree | 0674f21035a9ee6e5958f57cd8280fc6afb74b42 /tdeioslave | |
parent | 56c1f140dbe75c5fbabf90ff8c7dae49c04ce3fa (diff) | |
download | tdebase-0b10dbcfa957bc9c32666cfcb0031c955f721f3e.tar.gz tdebase-0b10dbcfa957bc9c32666cfcb0031c955f721f3e.zip |
FISH: Security fix backport from KDE
"Only store password in KWallet if the user asked for it"
https://invent.kde.org/network/kio-extras/-/commit/d813cef3cecdec9af1532a40d677a203ff979145
Author: David Faure
Licence: GPLv2
This mitigates CVE-2020-12755.
Signed-off-by: Mavridis Philippe <mavridisf@gmail.com>
(cherry picked from commit d59c8ee79f91d41d0979bd09c5e50cc43916330c)
Diffstat (limited to 'tdeioslave')
-rw-r--r-- | tdeioslave/fish/fish.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/tdeioslave/fish/fish.cpp b/tdeioslave/fish/fish.cpp index 98c11a712..e7a195c44 100644 --- a/tdeioslave/fish/fish.cpp +++ b/tdeioslave/fish/fish.cpp @@ -570,7 +570,9 @@ int fishProtocol::establishConnection(char *buffer, TDEIO::fileoffset_t len) { infoMessage(i18n("Initiating protocol...")); if (!connectionAuth.password.isEmpty()) { connectionAuth.password = connectionAuth.password.left(connectionAuth.password.length()-1); - cacheAuthentication(connectionAuth); + if (connectionAuth.keepPassword) { + cacheAuthentication(connectionAuth); + } } isLoggedIn = true; return 0; |