kov changed libgksu/trunk/ChangeLog, libgksu/trunk/libgksu/libgksu.c
Gustavo Noronha
kov at alioth.debian.org
Sun May 10 01:15:31 UTC 2009
Mensagem de log:
Accepted patch by Robert Millan <rmh.debian.bts at aybabtu.com> to fix overflow/memory corruption
-----
Modified: libgksu/trunk/ChangeLog
===================================================================
--- libgksu/trunk/ChangeLog 2009-05-09 15:49:25 UTC (rev 854)
+++ libgksu/trunk/ChangeLog 2009-05-10 01:15:31 UTC (rev 855)
@@ -1,3 +1,18 @@
+2009-05-09 Robert Millan <rmh.debian.bts at aybabtu.com>
+
+ This fixes two bugs in read_line function. Both are exposed when
+ running gksudo --debug:
+
+ - First, when read() fails, the printed value will come from
+ uninitialised memory. This results in stuff like
+ "GNOME_SUDO_PASSSSSSSSSSSSSSSSS..." being printed.
+
+ - Second, the null terminator is off-by-one, resulting in
+ garbage being printed at the end of each line. This may
+ also lead to memory corruption (for n >= 256)!
+
+ * libgksu/libgksu.c:
+
2009-03-04 Gustavo Noronha Silva <kov at debian.org>
* Release 2.0.9
Modified: libgksu/trunk/libgksu/libgksu.c
===================================================================
--- libgksu/trunk/libgksu/libgksu.c 2009-05-09 15:49:25 UTC (rev 854)
+++ libgksu/trunk/libgksu/libgksu.c 2009-05-10 01:15:31 UTC (rev 855)
@@ -2374,12 +2374,13 @@
for (; counter < (n - 1); counter++)
{
+ tmp[0] = '\0';
read (fd, tmp, 1);
if (tmp[0] == '\n')
break;
buffer[counter] = tmp[0];
}
- buffer[counter+1] = '\0';
+ buffer[counter] = '\0';
}
/**
More information about the gksu-commits
mailing list