Skip to content
Commit 87a3663d authored by Michel Dänzer's avatar Michel Dänzer Committed by Ray Strode
Browse files

worker: Fix memory corruption error/crasher

gdm_session_worker_process_pam_message() contains this code:

                         *response_text = strndup (user_answer,
PAM_MAX_RESP_SIZE - 1);
                        (*response_text)[PAM_MAX_RESP_SIZE - 1] = '\0';

If the string pointed to by user_answer is shorter than PAM_MAX_RESP_SIZE - 1
(which will generally be the case), the second line clobbers unrelated memory.
On this powerpc laptop, that causes gdm-session-worker to crash while verifying
the password, leaving me unable to log into any user session.

strndup() already ensures that the resulting string is 0-terminated anyway, so
this commit just removes the second line.
parent f7664ef4
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment