author | Brian Cameron <brian.cameron@oracle.com> | 2012-06-22 09:36:46 -0500 |
---|---|---|
committer | Brian Cameron <brian.cameron@oracle.com> | 2012-06-22 09:36:46 -0500 |
commit | dc1797c436b4552324a2dfc41fca9a85c674ae7a (patch) | |
tree | 7bd06cb7f48aaec72e046b1206d10db35b9b0c88 | |
parent | a7c5c55e0fafb06069e2043d63fe33580a3e3848 (diff) | |
download | gdm-dc1797c436b4552324a2dfc41fca9a85c674ae7a.tar.gz |
When providing data to PAM, use strndup with "PAM_MAX_RESP_SIZE - 1"
and make sure the last character is a '\0'.
-rw-r--r-- | daemon/gdm-session-worker.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
index 449e7d15..1e1cf370 100644
--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -860,11 +860,13 @@ gdm_session_worker_process_pam_message (GdmSessionWorker *worker,
 }
 if (user_answer != NULL) {
- /* we strdup and g_free to make sure we return malloc'd
- * instead of g_malloc'd memory
+ /* we strndup and g_free to make sure we return malloc'd
+ * instead of g_malloc'd memory. PAM_MAX_RESP_SIZE includes
+ * the '\0' terminating character, thus the "- 1".
 */
 if (res && response_text != NULL) {
- *response_text = strdup (user_answer);
+ *response_text = strndup (user_answer, PAM_MAX_RESP_SIZE - 1);
+ (*response_text)[PAM_MAX_RESP_SIZE - 1] = '\0';
 }
 memset (user_answer, '\0', strlen (user_answer)); |
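Review bot: The added `(*response_text)[PAM_MAX_RESP_SIZE - 1] = '\0';` writes past the end of the heap allocation whenever the answer is shorter than `PAM_MAX_RESP_SIZE - 1` characters, which is the normal case. strndup() allocates only the copied length plus one byte and already NUL-terminates the copy, so the line adds no safety and should simply be removed. The same line also dereferences the result without checking for a NULL return from strndup(). Keeping `*response_text = strndup (user_answer, PAM_MAX_RESP_SIZE - 1);` alone preserves the length cap; a check such as `if (*response_text == NULL) res = FALSE;` is one option for the failure path, but the function starts and ends outside the hunk, so how `res` is consumed needs confirming there.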