
List:       kmail-devel
Subject:    [Bug 131516] KMail forgets account setting for storing a POP3
From:       Thomas McGuire <Thomas.McGuire () gmx ! net>
Date:       2007-06-15 16:15:57
Message-ID: 20070615161557.18066.qmail () ktown ! kde ! org

http://bugs.kde.org/show_bug.cgi?id=131516         




------- Additional Comments From Thomas.McGuire gmx net  2007-06-15 18:15 -------
SVN commit 675974 by tmcguire:

Always try the wallet again when the user changes his password and has it stored in the config.
See the comment for the reasons.
CCBUGS: 95615,131516


 M  +11 -0     networkaccount.cpp  
 M  +1 -1      networkaccount.h  


--- trunk/KDE/kdepim/kmail/networkaccount.cpp #675973:675974
 @ -165,6 +165,7  @
 
       if ( !encpasswd.isEmpty() ) {
         setPasswd( KStringHandler::obscure( encpasswd ), true );
+        mOldPassKey = encpasswd;
         mPasswdDirty = false; // set by setPasswd() on first read
         mStorePasswdInConfig = true;
       } else {
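Review bot: mOldPassKey is assigned only in the branch where the config holds a non-empty password entry; the else branch that follows leaves it untouched, so if the settings are read a second time into the same object after that entry has gone, the previous obscured value stays behind. Clearing mOldPassKey in the else branch (or before the if) would make the later comparison depend only on what was actually read this time. The member holds the obscured form here, which the name does not convey, so a short comment at this assignment would help.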
 @ -197,6 +198,15  @
       // write password to the wallet if possible and necessary
       bool passwdStored = false;
 
+      //If the password is different from the one stored in the config,
+      //try to store the new password in the wallet again.
+      //This ensures a malicious user can't just write a dummy pass key in the
+      //config, which would get overwritten by the real password and therefore
+      //leak out of the more secure wallet.
+      if ( mStorePasswdInConfig &&
+           KStringHandler::obscure( mOldPassKey ) != passwd() )
+        mStorePasswdInConfig = false;
+
       //If the password should be written to the wallet, do that
       if ( !mStorePasswdInConfig ) {
         Wallet *wallet = kmkernel->wallet();
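Review bot: the new condition compares KStringHandler::obscure( mOldPassKey ) against passwd(), while the other two hunks keep mOldPassKey in obscured form, so it is correct only as long as obscure() undoes itself, the same assumption the read path makes with setPasswd( KStringHandler::obscure( encpasswd ), true ). Writing it as mOldPassKey != KStringHandler::obscure( passwd() ) would compare in the form that is actually stored in the config and reads more directly. The two-line condition guards a single unbraced statement; braces would make later edits safer. The comment would also be clearer if it stated the case directly: a "pass" entry already present in the config must not cause a different, real password to be written there instead of to the wallet.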
 @ -244,6 +254,7  @
 
       if ( writeInConfigNow ) {
         config.writeEntry( "pass", KStringHandler::obscure( passwd() ) );
+        mOldPassKey = KStringHandler::obscure( passwd() );
         mStorePasswdInConfig = true;
       }
     }
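Review bot: KStringHandler::obscure( passwd() ) is now evaluated twice in this block, once for writeEntry() and once for mOldPassKey. Computing it once into a local const QString and using that for both keeps the remembered key and the value written to the config from drifting apart if one of the two lines is changed later.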
--- trunk/KDE/kdepim/kmail/networkaccount.h #675973:675974
 @ -129,7 +129,7  @
   protected:
     KMail::SieveConfig mSieveConfig;
     KIO::Slave * mSlave;
-    QString mLogin, mPasswd, mAuth, mHost;
+    QString mLogin, mPasswd, mAuth, mHost, mOldPassKey;
     unsigned short int mPort;
     bool mStorePasswd : 1;
     bool mUseSSL : 1;
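Review bot: mOldPassKey is appended to the shared QString declaration without documentation, and the name does not say that it holds the obscured password last read from or written to the config's "pass" entry. A separate declaration with a one-line comment would make that clear. Since it is a second in-memory copy of the password in merely obscured form, it is also worth resetting wherever mPasswd is reset.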
_______________________________________________
KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel