mongodb / winkerberos

A native Kerberos client implementation for Python on Windows
Apache License 2.0

Use SecureZeroMemory() to zero out the copied password #3

Closed schlenk closed 8 years ago

schlenk commented 8 years ago

Might be a good idea to zero out the password after using it in AcquireCredentialsHandleA(). Doesn't help a lot with Python's String objects, but it's better than nothing.

behackett commented 8 years ago

Well, we're not using a copy of the string, just the pointer returned by PyArg_ParseTupleAndKeywords, so we can't free the memory. A copy doesn't seem necessary.

schlenk commented 8 years ago

True. Missed that part, as there are some variants that create a copy.

Might be a good idea to use z# or z* though for the PyArg_ParseTupleAndKeywords, to allow any buffer object (and possibly avoid leaking passwords into PyString objects, e.g. if you write your own buffer api compatible object type).

behackett commented 8 years ago

That's a great idea. Can you open a separate ticket documenting the use case?

behackett commented 8 years ago

This became relevant again with the changes for #1.

behackett commented 8 years ago

Also resolved in 3476f7c734307f4715eb5838eede919ecd41d8cb
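As an added illustration of the pattern this issue asks for (example code, not winkerberos' own): a C function receives the password as a pointer-plus-length pair, the shape a z*/Py_buffer argument supplies, makes the NUL-terminated copy a C API needs, calls the API, and scrubs the copy before the frame can be reused. `acquire_credentials_stub` is a hypothetical stand-in for AcquireCredentialsHandleA(); SecureZeroMemory() is used on Windows and a volatile write loop elsewhere, because a plain memset() on memory that is never read again may be optimised away.

```c
#include <stddef.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
/* Windows: the documented primitive named in the issue title. */
static void scrub(void *p, size_t n) { SecureZeroMemory(p, n); }
#else
/* Elsewhere: volatile stores the compiler is not allowed to drop as dead. */
static void scrub(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n-- > 0) *vp++ = 0;
}
#endif

#define PASSWORD_MAX 256

/* Hypothetical stand-in for AcquireCredentialsHandleA(): takes a
 * NUL-terminated password, returns 0 on success and -1 if it is empty. */
static int acquire_credentials_stub(const char *password) {
    return (password[0] != '\0') ? 0 : -1;
}

/* `password` is `len` raw bytes with no NUL guaranteed (as a buffer object
 * would provide). Copies it for the C API, calls the API, scrubs the copy.
 * Returns the API result, or -2 if the password does not fit the buffer. */
int use_password_copy(const char *password, size_t len) {
    char tmp[PASSWORD_MAX + 1];
    int rc;
    if (len > PASSWORD_MAX) return -2;
    memcpy(tmp, password, len);
    tmp[len] = '\0';
    rc = acquire_credentials_stub(tmp);
    scrub(tmp, sizeof tmp);   /* the copy is gone before this frame is reused */
    return rc;
}

/* Returns 1 if every byte of p[0..n) is zero, 0 otherwise. */
int all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Fills a buffer with a constructed secret, scrubs it, and reports whether
 * the scrub actually cleared every byte (1) or not (0). */
int scrub_demo(void) {
    unsigned char secret[32];
    memset(secret, 'A', sizeof secret);   /* constructed sample secret */
    scrub(secret, sizeof secret);
    return all_zero(secret, sizeof secret);
}
```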