From 3183c21afa7700ebc4dac02367653d1398a5b14a Mon Sep 17 00:00:00 2001
From: Wilmer van der Gaast <wilmer@gaast.net>
Date: Sat, 6 Sep 2008 23:59:32 +0100
Subject: Completely reviewed all uses of irc->password, irc_setpass() and
 USTATUS_IDENTIFIED after another account overwriting vulnerability was found
 by Tero Marttila.

---
 irc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'irc.c')

diff --git a/irc.c b/irc.c
index 9b4e0020..dd244c09 100644
--- a/irc.c
+++ b/irc.c
@@ -37,7 +37,7 @@ static char *set_eval_password( set_t *set, char *value )
 {
 	irc_t *irc = set->data;
 	
-	if( irc->status & USTATUS_IDENTIFIED )
+	if( irc->status & USTATUS_IDENTIFIED && value )
 	{
 		irc_setpass( irc, value );
 		return NULL;
@@ -238,7 +238,7 @@ void irc_free( irc_t * irc )
 	log_message( LOGLVL_INFO, "Destroying connection with fd %d", irc->fd );
 	
 	if( irc->status & USTATUS_IDENTIFIED && set_getbool( &irc->set, "save_on_quit" ) ) 
-		if( storage_save( irc, TRUE ) != STORAGE_OK )
+		if( storage_save( irc, NULL, TRUE ) != STORAGE_OK )
 			irc_usermsg( irc, "Error while saving settings!" );
 	
 	irc_connection_list = g_slist_remove( irc_connection_list, irc );
-- 
cgit v1.2.3