2009-11-09 Vladimir Serbinenko <phcoder@gmail.com>

* normal/auth.c (grub_auth_strcmp): Fix bug which resulted in function
	being insecure.
This commit is contained in:
Vladimir 'phcoder' Serbinenko 2009-11-09 00:16:17 +01:00
parent 3716b12ce2
commit ec8bb77de9
2 changed files with 13 additions and 1 deletions

View file

@ -1,3 +1,8 @@
2009-11-09 Vladimir Serbinenko <phcoder@gmail.com>
* normal/auth.c (grub_auth_strcmp): Fix bug which resulted in function
being insecure.
2009-11-08 Robert Millan <rmh.grub@aybabtu.com>
* util/i386/pc/grub-mkrescue.in: Fix miss-identification as

View file

@ -39,12 +39,19 @@ grub_auth_strcmp (const char *user_input, const char *template)
{
int ok = 1;
const char *ptr1, *ptr2;
if (ptr2 == NULL)
ok = 0;
for (ptr1 = user_input, ptr2 = template; *ptr1; ptr1++)
if (*ptr1 == (ptr2 ? *ptr2 : ptr1[1]) && ok && ptr2 != NULL)
if (*ptr1 == (ptr2 ? *ptr2 : ptr1[1]) && ok)
ptr2++;
else
ok = 0;
if (ptr2 == NULL || *ptr2 != 0)
ok = 0;
return !ok;
}