2009-11-09 Vladimir Serbinenko <phcoder@gmail.com>
* normal/auth.c (grub_auth_strcmp): Fix bug which resulted in function being insecure.
This commit is contained in:
Vladimir 'phcoder' Serbinenko
parent
3716b12ce2
commit
ec8bb77de9
2 changed files with 13 additions and 1 deletions
|
|
@ -1,3 +1,8 @@
|
|||
2009-11-09 Vladimir Serbinenko <phcoder@gmail.com>
|
||||
|
||||
* normal/auth.c (grub_auth_strcmp): Fix bug which resulted in function
|
||||
being insecure.
|
||||
|
||||
2009-11-08 Robert Millan <rmh.grub@aybabtu.com>
|
||||
|
||||
* util/i386/pc/grub-mkrescue.in: Fix miss-identification as
|
||||
|
|
|
|||
|
|
@ -39,12 +39,19 @@ grub_auth_strcmp (const char *user_input, const char *template)
|
|||
{
|
||||
int ok = 1;
|
||||
const char *ptr1, *ptr2;
|
||||
|
||||
if (ptr2 == NULL)
|
||||
ok = 0;
|
||||
|
||||
for (ptr1 = user_input, ptr2 = template; *ptr1; ptr1++)
|
||||
if (*ptr1 == (ptr2 ? *ptr2 : ptr1[1]) && ok && ptr2 != NULL)
|
||||
if (*ptr1 == (ptr2 ? *ptr2 : ptr1[1]) && ok)
|
||||
ptr2++;
|
||||
else
|
||||
ok = 0;
|
||||
|
||||
if (ptr2 == NULL || *ptr2 != 0)
|
||||
ok = 0;
|
||||
|
||||
return !ok;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue