Viewing all changes in revision 12328.
- Committer: Thomas Haller
- Date: 2018-04-13 09:34:08 UTC
- Revision ID: git-v1:fa9a8c71ae7938de5bc82b41ecf0db85cc9936fe
auth-subject: fix potential memory corruption in nm_auth_subject_to_string()
We don't want to apped the value to @buf, we want to set it.
Also, if @buf happens to be uninitialized, g_strlcat() might
determine there is nothing to append and return the buffer unmodified.
Then, the (non NULL terminated) buffer might be printed.
Note that before recent refactoring, we effectively would only call
nm_auth_subject_to_string() on auth-subjects that were of type
UNIX-PROCESS. Hence, this bug came only to light very recently,
although it was present for a long time.
Fixes: eabe7d856c243673bbaba3295ce74d72e188596d
We don't want to apped the value to @buf, we want to set it.
Also, if @buf happens to be uninitialized, g_strlcat() might
determine there is nothing to append and return the buffer unmodified.
Then, the (non NULL terminated) buffer might be printed.
Note that before recent refactoring, we effectively would only call
nm_auth_subject_to_string() on auth-subjects that were of type
UNIX-PROCESS. Hence, this bug came only to light very recently,
although it was present for a long time.
Fixes: eabe7d856c243673bbaba3295ce74d72e188596d
- files modified:
- src/nm-auth-subject.c
expand all
collapse all
added
removed
