Comment 8 for bug 1011961

Created attachment 71659
Patch to kioslave/sftp/kio_sftp.cpp to use QString instead of const char * and use info.password instead of mPassword

The attached patch solves the problem on my KDE 4.8.3 installation (FreeBSD port).
The patch consists of two modifications, both into sftpProtocol::authenticateKeyboardInteractive(), file kio_sftp.cpp

1- the password is taken from the "info" parameter, instead of the private class attribute "mPassword". That attribute is only initialized once (I guess when parsing the URL, and that's why the syntax sftp://user:password@host works), while the "info" parameter is initialized by a KPasswordDialog, and thus contains the password.

2- the variable "answer" is declared as QString instead of const char*, as it is IMHO safer. The current code creates and destroy a QByteArray object, and assigns its "constData" to answer. If I understood correctly, that memory could be overwritten at any time, because the QByteArray is immediately freed after creation. After the patch, the correctness of the buffer is ensured, because the QByteArray is only destroyed when each call returns.