worker: Fix memory corruption error/crasher

gdm_session_worker_process_pam_message() contains this code: *response_text = strndup (user_answer, PAM_MAX_RESP_SIZE - 1); (*response_text)[PAM_MAX_RESP_SIZE - 1] = '\0'; If the string pointed to by user_answer is shorter than PAM_MAX_RESP_SIZE - 1 (which will generally be the case), the second line clobbers unrelated memory. On this powerpc laptop, that causes gdm-session-worker to crash while verifying the password, leaving me unable to log into any user session. strndup() already ensures that the resulting string is 0-terminated anyway, so this commit just removes the second line.
author: Michel Dänzer <michel@daenzer.net> 2013-08-20 11:25:00 -0400
committer: Ray Strode <rstrode@redhat.com> 2013-08-20 11:25:00 -0400
commit: 9755ca3a594a01ba7f361684af1c29b49be17856 (patch)
tree: d3b9168e8d5da5f23b9051c100e0d3345c57c512
parent: 7df9c4062f9bbef5a6d4cc1aa215b9a88939df2e (diff)
download: gdm-9755ca3a594a01ba7f361684af1c29b49be17856.tar.gz
1 files changed, 0 insertions, 1 deletions
diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
index 422c6ef9..7307872b 100644
--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -795,7 +795,6 @@ gdm_session_worker_process_pam_message (GdmSessionWorker          *worker,
                  */
                 if (res && response_text != NULL) {
                         *response_text = strndup (user_answer, PAM_MAX_RESP_SIZE - 1);
-                        (*response_text)[PAM_MAX_RESP_SIZE - 1] = '\0';
                 }
 
                 memset (user_answer, '\0', strlen (user_answer));
author	Michel Dänzer <michel@daenzer.net>	2013-08-20 11:25:00 -0400
committer	Ray Strode <rstrode@redhat.com>	2013-08-20 11:25:00 -0400
commit	9755ca3a594a01ba7f361684af1c29b49be17856 (patch)
tree	d3b9168e8d5da5f23b9051c100e0d3345c57c512
parent	7df9c4062f9bbef5a6d4cc1aa215b9a88939df2e (diff)
download	gdm-9755ca3a594a01ba7f361684af1c29b49be17856.tar.gz