Closed Bug 247417 Opened 20 years ago Closed 20 years ago

Master Password Dialog still displays for those non-store password POP accounts

Categories

(SeaMonkey :: MailNews: Message Display, defect)

x86
All
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: karenlhuang, Assigned: Bienvenu)

References

Details

(Keywords: fixed-aviary1.0, regression)

Attachments

(2 files, 1 obsolete file)

This bug is logged for tracing the rest issue/improvement for bug 245813: So far, the fix of bug 245813 is: After click "Cancel" from the Master Password Dialog. It displays 3 times for those stored password POP accounts. And it displays 1 time for those non-store password POP accounts. Actually, from user point of view, Master Password dialog shouldn't display for those non-store password POP accounts...(This is how Netscape 7.1 did) Steps: 1) Setup 4 POP mail acocunts without "checked for new msgs at startup" 2) Setup 1 POP mail acocunt "check for new msgs every 1 minute" 3) Saved Passwords for 2 POP mail acocunts 4) Checked Preferences|Passwords|Use encryption when storing sensitive data 5) After select "Get Msgs", notice Master Password dialog displays for those stored password POP accounts. 6) After select "Cancel" 7) Select "Get Msgs" for those non-store password POP accounts. Actual Results: Master Password Dialog still displays for those non-store password POP accounts Expected results: Master Password Dialog shouldn't display for those non-store password POP accounts.
I used latest Mozilla 1.7 branch build (06-17)...
Version: Trunk → Other Branch
*** Bug 247623 has been marked as a duplicate of this bug. ***
This bug regressed between linux trunk builds 2004092205 and 2004092305, indicating this is a regression from bug 219976.
Assignee: sspitzer → bienvenu
OS: Windows XP → All
Version: Other Branch → Trunk
I'd say this is a wallet bug. the xpcom frontend for wallet uses the enumerator to get all the urls, usernames and passwords. In clear text. So the master password is needed. Only after that, it goes to search for the right url. It should look for the right url first, and then decypher the username and password.
Attached patch delay decryption (obsolete) — Splinter Review
Decyption should happen only if the uri's match. Some might think of this as a hack. I think of all of wallet as a hack, so one extra won't hurt.
Attachment #151220 - Flags: review?(timeless)
Attachment #151220 - Flags: superreview?(darin)
Attachment #151220 - Flags: review?(timeless)
Attachment #151220 - Flags: review+
Comment on attachment 151220 [details] [diff] [review] delay decryption >Index: extensions/wallet/src/nsPasswordManager.cpp >- nsCOMPtr<nsISimpleEnumerator> enumerator; >- rv = GetEnumerator(getter_AddRefs(enumerator)); >- if (NS_FAILED(rv)) { >- return rv; // could not unlock the database >+ nsPasswordManagerEnumerator* enumerator = new nsPasswordManagerEnumerator(PR_FALSE); who frees this enumerator now? it used to be COMPtr, which would clean itself up after it goes out of scope. > while (hasMoreElements) { > rv = enumerator->GetNext(getter_AddRefs(passwordElem)); > if (NS_FAILED(rv)) > return rv; here's an early return that appears to leak |enumerator|. As for the core functionality change, I think you should poke dveditz for a review.
Attachment #151220 - Flags: superreview?(darin) → superreview-
Attached patch updatedSplinter Review
Patch updated to darins comments. It's a comptr again.
Attachment #151220 - Attachment is obsolete: true
Comment on attachment 154006 [details] [diff] [review] updated carrying timeless' review forward. dveditz can you sr? darin: there isn't a real functionality changes. the patch only skips decrypting passwords for entries that are thrown away anyway later, because the url's don't match. The end result is the same.
Attachment #154006 - Flags: superreview?(dveditz)
Attachment #154006 - Flags: review+
Comment on attachment 154006 [details] [diff] [review] updated sr=dveditz
Attachment #154006 - Flags: superreview?(dveditz) → superreview+
checked in
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
this should be checked into the aviary branch, right? If I don't hear any dissenting voices, I'll check this into the aviary branch.
*** Bug 185786 has been marked as a duplicate of this bug. ***
*** Bug 236510 has been marked as a duplicate of this bug. ***
this is what I'll check into the aviary branch.
fixed on 1.0 branch
Keywords: fixed-aviary1.0
Product: Browser → Seamonkey
Comment on attachment 154708 [details] [diff] [review] -up diff for aviary branch getting on radar for 1.7.12
Attachment #154708 - Flags: approval1.7.12?
*** Bug 306710 has been marked as a duplicate of this bug. ***
Comment on attachment 154708 [details] [diff] [review] -up diff for aviary branch out of scope for a security release
Attachment #154708 - Flags: approval1.7.13? → approval1.7.13-
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: