22458
|
1 |
--- gdm-2.30.7/daemon/gdm-session-worker.c-orig 2012-02-21 20:27:25.469131407 -0600
|
|
2 |
+++ gdm-2.30.7/daemon/gdm-session-worker.c 2012-02-21 20:52:54.218996258 -0600
|
|
3 |
@@ -983,11 +983,12 @@ gdm_session_worker_process_pam_message (
|
|
4 |
}
|
|
5 |
|
|
6 |
if (user_answer != NULL) {
|
|
7 |
- /* we strdup and g_free to make sure we return malloc'd
|
|
8 |
- * instead of g_malloc'd memory
|
|
9 |
+ /* we strndup and g_free to make sure we return malloc'd
|
|
10 |
+ * instead of g_malloc'd memory. PAM_MAX_RESP_SIZE includes
|
|
11 |
+ * the '\0' terminating character, thus the "-1".
|
|
12 |
*/
|
|
13 |
if (res && response_text != NULL) {
|
|
14 |
- *response_text = strdup (user_answer);
|
|
15 |
+ *response_text = strndup (user_answer, PAM_MAX_RESP_SIZE-1);
|
|
16 |
}
|
|
17 |
|
|
18 |
memset (user_answer, '\0', strlen (user_answer));
|