GNU bug report logs - #36834
27.0.50; [PATCH] password-cache.el: confuses key absence with nil password

Previous Next

Package: emacs;

Reported by: Óscar Fuentes <ofv <at> wanadoo.es>

Date: Mon, 29 Jul 2019 05:13:01 UTC

Severity: normal

Tags: patch

Found in version 27.0.50

Done: Óscar Fuentes <ofv <at> wanadoo.es>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Óscar Fuentes <ofv <at> wanadoo.es>
Cc: 36834 <at> debbugs.gnu.org
Subject: bug#36834: 27.0.50; [PATCH] password-cache.el: confuses key absence with nil password
Date: Sat, 10 Aug 2019 05:14:22 -0400

> So I propose this patch:
>
> diff --git a/lisp/password-cache.el b/lisp/password-cache.el
> index 5a09ae4859..6009fb491e 100644
> --- a/lisp/password-cache.el
> +++ b/lisp/password-cache.el
> @@ -81,7 +81,8 @@ password-in-cache-p
>    "Check if KEY is in the cache."
>    (and password-cache
>         key
> -       (gethash key password-data)))
> +       (not (eq (gethash key password-data 'password-cache-no-data)
> +                'password-cache-no-data))))
>  
>  (defun password-read (prompt &optional key)
>    "Read password, for use with KEY, from user, or from cache if wanted.
> @@ -125,7 +126,9 @@ password-cache-remove
>  (defun password-cache-add (key password)
>    "Add password to cache.
>  The password is removed by a timer after `password-cache-expiry' seconds."
> -  (when (and password-cache-expiry (null (gethash key password-data)))
> +  (when (and password-cache-expiry
> +             (eq (gethash key password-data 'password-cache-no-data)
> +                 'password-cache-no-data))
>      (run-at-time password-cache-expiry nil
>  		 #'password-cache-remove
>  		 key))

Looks good to me, thanks.

> On another topic, before a cache entry is removed we try to overwrite
> the stored password (see password-cache-remove). However, the same
> change did this:
>
>
>  (defun password-reset ()
>    "Clear the password cache."
>    (interactive)
> -  (fillarray password-data 0))
> +  (clrhash password-data))

Obarrays are just arrays of symbols (i.e. arrays of pointers to symbol
objects), so (fillarray password-data 0) does not overwrite the
passwords stored in the symbols, it just overwrites the pointers to
those symbols.
(clrhash password-data) has basically the same effect.


        Stefan
This bug report was last modified 5 years and 288 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.