authorMavridis Philippe <mavridisf@gmail.com>2022-06-27 11:01:28 +0300
committerMavridis Philippe <mavridisf@gmail.com>2022-06-27 17:38:37 +0300
commit0b10dbcfa957bc9c32666cfcb0031c955f721f3e (patch)
tree0674f21035a9ee6e5958f57cd8280fc6afb74b42
parent56c1f140dbe75c5fbabf90ff8c7dae49c04ce3fa (diff)
FISH: Security fix backport from KDE
"Only store password in KWallet if the user asked for it" https://invent.kde.org/network/kio-extras/-/commit/d813cef3cecdec9af1532a40d677a203ff979145 Author: David Faure Licence: GPLv2 This mitigates CVE-2020-12755. Signed-off-by: Mavridis Philippe <mavridisf@gmail.com> (cherry picked from commit d59c8ee79f91d41d0979bd09c5e50cc43916330c)
-rw-r--r--tdeioslave/fish/fish.cpp4
1 files changed, 3 insertions, 1 deletions
diff --git a/tdeioslave/fish/fish.cpp b/tdeioslave/fish/fish.cpp
index 98c11a712..e7a195c44 100644
--- a/tdeioslave/fish/fish.cpp
+++ b/tdeioslave/fish/fish.cpp
@@ -570,7 +570,9 @@ int fishProtocol::establishConnection(char *buffer, TDEIO::fileoffset_t len) {
infoMessage(i18n("Initiating protocol..."));
if (!connectionAuth.password.isEmpty()) {
connectionAuth.password = connectionAuth.password.left(connectionAuth.password.length()-1);
- cacheAuthentication(connectionAuth);
+ if (connectionAuth.keepPassword) {
+ cacheAuthentication(connectionAuth);
+ }
}
isLoggedIn = true;
return 0;
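Review bot: The new `if (connectionAuth.keepPassword)` guard is the entire security fix but has no comment, so a later cleanup could fold it back into an unconditional `cacheAuthentication()` call; I would add above it `// Cache only when the user asked to keep the password (CVE-2020-12755)`. The guard is only as good as the value of `keepPassword` at this point, and the code that sets it is outside this hunk. It is worth confirming that the flag reflects the user's choice in the password dialog and is not left at a pre-set `true` on a path that never shows the dialog. Nothing here removes entries that earlier builds already cached, so those presumably stay in the wallet until the user deletes them. establishConnection's body starts and ends outside the hunk.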