From f8d82acaa268d45c5a071216524ba0b9a5da479f Mon Sep 17 00:00:00 2001 From: Christophe Fergeau Date: Tue, 2 Sep 2014 18:42:45 +0200 Subject: oauth: Don't leak RestProxyCall::token{_secret} https://bugzilla.gnome.org/show_bug.cgi?id=735922 --- rest/oauth-proxy-call.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rest/oauth-proxy-call.c b/rest/oauth-proxy-call.c index ac94492..dce2c66 100644 --- a/rest/oauth-proxy-call.c +++ b/rest/oauth-proxy-call.c @@ -340,6 +340,8 @@ oauth_proxy_call_parse_token_response (OAuthProxyCall *call) form = soup_form_decode (rest_proxy_call_get_payload (REST_PROXY_CALL (call))); + g_free (priv->token); + g_free (priv->token_secret); priv->token = g_strdup (g_hash_table_lookup (form, "oauth_token")); priv->token_secret = g_strdup (g_hash_table_lookup (form, "oauth_token_secret")); /* This header should only exist for request_token replies, but its easier just to always check it */ -- cgit v1.2.3