vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

2009-11-09 Vladimir Serbinenko <phcoder@gmail.com>

Browse source 
* normal/auth.c (grub_auth_strcmp): Fix bug which resulted in function
	being insecure.
This commit is contained in:
Vladimir 'phcoder' Serbinenko 2009-11-09 00:16:17 +01:00
parent 3716b12ce2
commit ec8bb77de9
2 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,3 +1,8 @@
2009-11-09 Vladimir Serbinenko <phcoder@gmail.com>
* normal/auth.c (grub_auth_strcmp): Fix bug which resulted in function
being insecure.
2009-11-08 Robert Millan <rmh.grub@aybabtu.com> 2009-11-08 Robert Millan <rmh.grub@aybabtu.com>
* util/i386/pc/grub-mkrescue.in: Fix miss-identification as * util/i386/pc/grub-mkrescue.in: Fix miss-identification as

9
normal/auth.c
View file

@ -39,12 +39,19 @@ grub_auth_strcmp (const char *user_input, const char *template)
{ {
int ok = 1; int ok = 1;
const char *ptr1, *ptr2; const char *ptr1, *ptr2;
if (ptr2 == NULL)
ok = 0;
for (ptr1 = user_input, ptr2 = template; *ptr1; ptr1++) for (ptr1 = user_input, ptr2 = template; *ptr1; ptr1++)
if (*ptr1 == (ptr2 ? *ptr2 : ptr1[1]) && ok && ptr2 != NULL) if (*ptr1 == (ptr2 ? *ptr2 : ptr1[1]) && ok)
ptr2++; ptr2++;
else else
ok = 0; ok = 0;
if (ptr2 == NULL || *ptr2 != 0)
ok = 0;
return !ok; return !ok;
} }