2009-11-09 Vladimir Serbinenko <phcoder@gmail.com>
* normal/auth.c (grub_auth_strcmp): Fix bug which resulted in function being insecure.
This commit is contained in:
		
							parent
							
								
									3716b12ce2
								
							
						
					
					
						commit
						ec8bb77de9
					
				
					 2 changed files with 13 additions and 1 deletions
				
			
		|  | @ -39,12 +39,19 @@ grub_auth_strcmp (const char *user_input, const char *template) | |||
| { | ||||
|   int ok = 1; | ||||
|   const char *ptr1, *ptr2; | ||||
| 
 | ||||
|   if (ptr2 == NULL) | ||||
|     ok = 0; | ||||
| 
 | ||||
|   for (ptr1 = user_input, ptr2 = template; *ptr1; ptr1++) | ||||
|     if (*ptr1 == (ptr2 ? *ptr2 : ptr1[1]) && ok && ptr2 != NULL) | ||||
|     if (*ptr1 == (ptr2 ? *ptr2 : ptr1[1]) && ok) | ||||
|       ptr2++; | ||||
|     else | ||||
|       ok = 0; | ||||
| 
 | ||||
|   if (ptr2 == NULL || *ptr2 != 0) | ||||
|     ok = 0; | ||||
| 
 | ||||
|   return !ok; | ||||
| } | ||||
| 
 | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue