worker: Fix memory corruption error/crasher
gdm_session_worker_process_pam_message() contains this code: *response_text = strndup (user_answer, PAM_MAX_RESP_SIZE - 1); (*response_text)[PAM_MAX_RESP_SIZE - 1] = '\0'; If the string pointed to by user_answer is shorter than PAM_MAX_RESP_SIZE - 1 (which will generally be the case), the second line clobbers unrelated memory. On this powerpc laptop, that causes gdm-session-worker to crash while verifying the password, leaving me unable to log into any user session. strndup() already ensures that the resulting string is 0-terminated anyway, so this commit just removes the second line.
parent
f7664ef4
Please register or sign in to comment