From a0dc9549ee29dea1a9186204fc1c18985321752f Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Mon, 17 Nov 2008 18:28:57 +0100 Subject: screen_utils: check for NULL password Fix a NULL pointer dereference and a memory leak: check if screen_read_password() returns NULL, and don't call mpd_sendPasswordCommand(NULL) in this case. Free the password when done. --- src/screen_utils.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/screen_utils.c b/src/screen_utils.c index 308d049f4..ff3fffa44 100644 --- a/src/screen_utils.c +++ b/src/screen_utils.c @@ -121,10 +121,19 @@ screen_read_password(WINDOW *w, const char *prompt) static gint _screen_auth(struct mpdclient *c, gint recursion) { + char *password; + mpd_clearError(c->connection); if (recursion > 2) return 1; - mpd_sendPasswordCommand(c->connection, screen_read_password(NULL, NULL)); + + password = screen_read_password(NULL, NULL); + if (password == NULL) + return 1; + + mpd_sendPasswordCommand(c->connection, password); + g_free(password); + mpd_finishCommand(c->connection); mpdclient_update(c); if (c->connection->errorCode == MPD_ACK_ERROR_PASSWORD) -- cgit v1.2.3