diff options
Diffstat (limited to 'src/config/accounts.c')
| -rw-r--r-- | src/config/accounts.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/config/accounts.c b/src/config/accounts.c index 0ca93ba6..2c8d5cb5 100644 --- a/src/config/accounts.c +++ b/src/config/accounts.c @@ -227,8 +227,10 @@ accounts_get_account(const char * const name) gchar *password = g_key_file_get_string(accounts, name, "password", NULL); gchar *eval_password = g_key_file_get_string(accounts, name, "eval_password", NULL); + // Evaluate as shell command to retrieve password if (eval_password != NULL) { FILE *stream = popen(eval_password, "r"); + // Limit to 100 bytes to prevent overflows in the case of a poorly chosen command password = g_malloc(100); fgets(password, 100, stream); } |