authorRemko Tronçon <git@el-tramo.be>2011-05-18 13:45:41 (GMT)
committerRemko Tronçon <git@el-tramo.be>2011-05-18 14:24:28 (GMT)
commit23fa0f462ddd0c686c677bfe5d4d743621432b7e (patch)
treeb8f0ea1860640f89eafba2460cc5d45bf28fc77c /Swiften/Client/ClientSession.cpp
parent2456a8b12163b3249b6b9164b601c36772eb05a1 (diff)
downloadswift-23fa0f462ddd0c686c677bfe5d4d743621432b7e.zip
swift-23fa0f462ddd0c686c677bfe5d4d743621432b7e.tar.bz2
Introduce safe containers for storing passwords.
Diffstat (limited to 'Swiften/Client/ClientSession.cpp')
-rw-r--r--Swiften/Client/ClientSession.cpp9
1 files changed, 6 insertions, 3 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index 846a5e7..57d9c12 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -12,6 +12,7 @@
#include <boost/uuid/uuid_generators.hpp>
#include <boost/smart_ptr/make_shared.hpp>
+#include <Swiften/Base/SafeString.h>
#include <Swiften/Elements/ProtocolHeader.h>
#include <Swiften/Elements/StreamFeatures.h>
#include <Swiften/Elements/StreamError.h>
@@ -185,7 +186,7 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
if (stream->hasTLSCertificate()) {
if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) {
state = Authenticating;
- stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createByteArray("")));
+ stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createSafeByteArray("")));
}
else {
finishSession(Error::TLSClientCertificateError);
@@ -193,7 +194,7 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
}
else if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) {
state = Authenticating;
- stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createByteArray("")));
+ stream->writeElement(boost::make_shared<AuthRequest>("EXTERNAL", createSafeByteArray("")));
}
else if (streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1") || streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS")) {
std::ostringstream s;
@@ -275,6 +276,8 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
else if (AuthSuccess* authSuccess = dynamic_cast<AuthSuccess*>(element.get())) {
checkState(Authenticating);
if (authenticator && !authenticator->setChallenge(authSuccess->getValue())) {
+ delete authenticator;
+ authenticator = NULL;
finishSession(Error::ServerVerificationFailedError);
}
else {
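Review bot: The new `delete authenticator; authenticator = NULL;` covers only the failed-`setChallenge` branch, so from this hunk it cannot be confirmed that the authenticator is released on the other exits of handleElement (the `else` branch that follows, and any auth-failure handling outside the hunk). The authenticator is handed the password via `setCredentials` in sendCredentials, so if the aim of the commit is that password material does not outlive authentication, every exit needs the same cleanup. Doing it once in `finishSession`, or holding the authenticator in a smart pointer and calling `authenticator.reset();`, would avoid depending on each branch remembering the manual delete. A short comment such as `// Drop the authenticator so the stored credentials are released` would also record why the delete is here.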
@@ -336,7 +339,7 @@ bool ClientSession::checkState(State state) {
return true;
}
-void ClientSession::sendCredentials(const std::string& password) {
+void ClientSession::sendCredentials(const SafeString& password) {
assert(WaitingForCredentials);
state = Authenticating;
authenticator->setCredentials(localJID.getNode(), password);
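Review bot: `assert(WaitingForCredentials);` in sendCredentials tests the enum constant rather than the session state, so it never verifies that credentials are being sent at the right point, and it is compiled out under NDEBUG in any case. This matters more after this commit, because the failed-`setChallenge` path now sets `authenticator = NULL` and `authenticator->setCredentials(...)` here dereferences it unconditionally. Whether a caller can reach sendCredentials after that failure is not visible from this hunk. I would change the assertion to `assert(state == WaitingForCredentials);` and add a runtime guard such as `if (!authenticator) { return; }` before `state = Authenticating;`. The function body continues past the end of the hunk.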