[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: [Bug 131516] KMail forgets account setting for storing a POP3
From: Thomas McGuire <Thomas.McGuire () gmx ! net>
Date: 2007-06-15 16:15:57
Message-ID: 20070615161557.18066.qmail () ktown ! kde ! org
[Download RAW message or body]
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugs.kde.org/show_bug.cgi?id=131516
------- Additional Comments From Thomas.McGuire gmx net 2007-06-15 18:15 -------
SVN commit 675974 by tmcguire:
Always try the wallet again when the user changes his password and has it stored in the config.
See the comment for the reasons.
CCBUGS: 95615,131516
M +11 -0 networkaccount.cpp
M +1 -1 networkaccount.h
--- trunk/KDE/kdepim/kmail/networkaccount.cpp #675973:675974
@ -165,6 +165,7 @
if ( !encpasswd.isEmpty() ) {
setPasswd( KStringHandler::obscure( encpasswd ), true );
+ mOldPassKey = encpasswd;
mPasswdDirty = false; // set by setPasswd() on first read
mStorePasswdInConfig = true;
} else {
@ -197,6 +198,15 @
// write password to the wallet if possible and necessary
bool passwdStored = false;
+ //If the password is different from the one stored in the config,
+ //try to store the new password in the wallet again.
+ //This ensures a malicious user can't just write a dummy pass key in the
+ //config, which would get overwritten by the real password and therefore
+ //leak out of the more secure wallet.
+ if ( mStorePasswdInConfig &&
+ KStringHandler::obscure( mOldPassKey ) != passwd() )
+ mStorePasswdInConfig = false;
+
//If the password should be written to the wallet, do that
if ( !mStorePasswdInConfig ) {
Wallet *wallet = kmkernel->wallet();
@ -244,6 +254,7 @
if ( writeInConfigNow ) {
config.writeEntry( "pass", KStringHandler::obscure( passwd() ) );
+ mOldPassKey = KStringHandler::obscure( passwd() );
mStorePasswdInConfig = true;
}
}
--- trunk/KDE/kdepim/kmail/networkaccount.h #675973:675974
@ -129,7 +129,7 @
protected:
KMail::SieveConfig mSieveConfig;
KIO::Slave * mSlave;
- QString mLogin, mPasswd, mAuth, mHost;
+ QString mLogin, mPasswd, mAuth, mHost, mOldPassKey;
unsigned short int mPort;
bool mStorePasswd : 1;
bool mUseSSL : 1;
_______________________________________________
KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic