From 3183c21afa7700ebc4dac02367653d1398a5b14a Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sat, 6 Sep 2008 23:59:32 +0100 Subject: Completely reviewed all uses of irc->password, irc_setpass() and USTATUS_IDENTIFIED after another account overwriting vulnerability was found by Tero Marttila. --- storage_xml.c | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) (limited to 'storage_xml.c') diff --git a/storage_xml.c b/storage_xml.c index 8b205c5a..bd0c1953 100644 --- a/storage_xml.c +++ b/storage_xml.c @@ -258,7 +258,7 @@ static void xml_init( void ) log_message( LOGLVL_WARNING, "Permission problem: Can't read/write from/to `%s'.", global.conf->configdir ); } -static storage_status_t xml_load_real( const char *my_nick, const char *password, irc_t *irc, xml_pass_st action ) +static storage_status_t xml_load_real( irc_t *irc, const char *my_nick, const char *password, xml_pass_st action ) { GMarkupParseContext *ctx; struct xml_parsedata *xd; @@ -266,9 +266,6 @@ static storage_status_t xml_load_real( const char *my_nick, const char *password GError *gerr = NULL; int fd, st; - if( irc && irc->status & USTATUS_IDENTIFIED ) - return( 1 ); - xd = g_new0( struct xml_parsedata, 1 ); xd->irc = irc; xd->given_nick = g_strdup( my_nick ); @@ -320,21 +317,19 @@ static storage_status_t xml_load_real( const char *my_nick, const char *password if( action == XML_PASS_CHECK_ONLY ) return STORAGE_OK; - irc->status |= USTATUS_IDENTIFIED; - return STORAGE_OK; } -static storage_status_t xml_load( const char *my_nick, const char *password, irc_t *irc ) +static storage_status_t xml_load( irc_t *irc, const char *password ) { - return xml_load_real( my_nick, password, irc, XML_PASS_UNKNOWN ); + return xml_load_real( irc, irc->nick, password, XML_PASS_UNKNOWN ); } static storage_status_t xml_check_pass( const char *my_nick, const char *password ) { /* This is a little bit risky because we have to pass NULL for the irc_t argument. This *should* be fine, if I didn't miss anything... */ - return xml_load_real( my_nick, password, NULL, XML_PASS_CHECK_ONLY ); + return xml_load_real( NULL, my_nick, password, XML_PASS_CHECK_ONLY ); } static int xml_printf( int fd, int indent, char *fmt, ... ) @@ -370,12 +365,6 @@ static storage_status_t xml_save( irc_t *irc, int overwrite ) md5_byte_t pass_md5[21]; md5_state_t md5_state; - if( irc->password == NULL ) - { - irc_usermsg( irc, "Please register yourself if you want to save your settings." ); - return STORAGE_OTHER_ERROR; - } - path2 = g_strdup( irc->nick ); nick_lc( path2 ); g_snprintf( path, sizeof( path ) - 2, "%s%s%s", global.conf->configdir, path2, ".xml" ); -- cgit v1.2.3 From 15d146925d949882037c60cab12abcbee6651fab Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 7 Sep 2008 00:10:47 +0100 Subject: Really removing the gstdio.h include now to fully fix GLib 2.4 compatibility. --- storage_xml.c | 1 - 1 file changed, 1 deletion(-) (limited to 'storage_xml.c') diff --git a/storage_xml.c b/storage_xml.c index bd0c1953..d3d0f6d6 100644 --- a/storage_xml.c +++ b/storage_xml.c @@ -28,7 +28,6 @@ #include "base64.h" #include "arc.h" #include "md5.h" -#include #if GLIB_CHECK_VERSION(2,8,0) #include -- cgit v1.2.3