
Issue 2352 – Remember empty session password

https://winscp.net/tracker/2352

Source commit: 8deb7a84540894f0ce1a0b3c0ff08ebffdaa44df
Martin Prikryl 9 months ago
parent
commit
0d64cc1278
5 changed files with 17 additions and 5 deletions
  1. 1 0
      source/core/Common.cpp
  2. 10 0
      source/core/Global.cpp
  3. 1 2
      source/core/Global.h
  4. 2 2
      source/core/SessionData.cpp
  5. 3 1
      source/core/Terminal.cpp

+ 1 - 0
source/core/Common.cpp

@@ -89,6 +89,7 @@ void __fastcall DoShred(T & Str)
 {
   if (!Str.IsEmpty())
   {
+    // Should instead test for (StringRefCount(Str) == 1) to prevent Unique making yet another copy
     Str.Unique();
     memset(Str.c_str(), 0, Str.Length() * sizeof(*Str.c_str()));
     Str = L"";
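Review bot: The added comment in DoShred names the intended fix but not its consequence, which is the security-relevant part. As the comment itself implies, when the buffer is shared `Str.Unique()` gives Str a fresh copy, so the `memset` zeroes only that copy and the buffer still held by the other references keeps the secret. I would word it as a TODO that says so, e.g. `// TODO: if StringRefCount(Str) != 1, Unique() copies and only the copy is zeroed; the shared original stays in memory`. The rest of DoShred lies outside the hunk, so it is not visible whether callers can guarantee a single reference.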

+ 10 - 0
source/core/Global.cpp

@@ -18,6 +18,16 @@ UnicodeString NormalizeString(const UnicodeString & S)
   return Result;
 }
 //---------------------------------------------------------------------------
+UnicodeString DenormalizeString(const UnicodeString & S)
+{
+  UnicodeString Result = S;
+  if (Result.IsEmpty())
+  {
+    Result = EmptyString;
+  }
+  return Result;
+}
+//---------------------------------------------------------------------------
 // TGuard
 //---------------------------------------------------------------------------
 __fastcall TGuard::TGuard(TCriticalSection * ACriticalSection) :
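Review bot: DenormalizeString has no comment, and as written `Result = EmptyString` inside `if (Result.IsEmpty())` reads like a no-op. Presumably EmptyString is a sentinel that differs from a default-constructed UnicodeString and NormalizeString is the inverse mapping; its definition is not in the hunk, so this should be confirmed and then stated at the function. Something like `// Maps an empty string to the EmptyString sentinel so that "set but empty" stays distinguishable from "not set"; inverse of NormalizeString` would do. Both call sites in this commit (ParseUrl in SessionData.cpp and DoPromptUser in Terminal.cpp) pass passwords, so the comment should also say that the returned value is another plaintext reference the caller has to shred.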

+ 1 - 2
source/core/Global.h

@@ -11,9 +11,8 @@
 //---------------------------------------------------------------------------
 #include <System.SyncObjs.hpp>
 //---------------------------------------------------------------------------
-extern const UnicodeString EmptyString;
-//---------------------------------------------------------------------------
 UnicodeString NormalizeString(const UnicodeString & S);
+UnicodeString DenormalizeString(const UnicodeString & S);
 //---------------------------------------------------------------------------
 class TGuard
 {

+ 2 - 2
source/core/SessionData.cpp

@@ -2436,9 +2436,9 @@ bool __fastcall TSessionData::ParseUrl(UnicodeString Url, TOptions * Options,
       UserName = DecodeUrlChars(RawUserName);
 
       Password = DecodeUrlChars(UserInfo);
-      if (HasPassword && Password.IsEmpty())
+      if (HasPassword)
       {
-        Password = EmptyString;
+        Password = DenormalizeString(Password);
       }
 
       UnicodeString RemoteDirectoryWithSessionParams = Url.SubString(PSlash, Url.Length() - PSlash + 1);

+ 3 - 1
source/core/Terminal.cpp

@@ -1992,7 +1992,9 @@ bool __fastcall TTerminal::DoPromptUser(TSessionData * /*Data*/, TPromptKind Kin
     if (AResult && PasswordOrPassphrasePrompt &&
         (Configuration->RememberPassword || FLAGSET(int(Prompts->Objects[0]), pupRemember)))
     {
-      RawByteString EncryptedPassword = EncryptPassword(Results->Strings[0]);
+      UnicodeString Password = DenormalizeString(Results->Strings[0]);
+      RawByteString EncryptedPassword = EncryptPassword(Password);
+      Shred(Password);
       if (FTunnelOpening)
       {
         PrimaryTerminal->FRememberedTunnelPassword = EncryptedPassword;
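Review bot: `Shred(Password)` most likely clears only a private copy here. For a non-empty input DenormalizeString returns `Result = S`, which with a reference-counted UnicodeString presumably shares its buffer with the string still held in `Results`. The DoShred hunk in Common.cpp calls `Str.Unique()` before the `memset`, so, assuming Shred forwards to DoShred, the plaintext in `Results->Strings[0]` would survive this block. If that is acceptable because the owner of Results clears it later, a comment such as `// Only wipes our copy; the plaintext in Results is cleared by its owner` would keep the call from being read as a full wipe. DoPromptUser starts and ends outside the hunk, so the lifetime of Results cannot be checked from here.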