[Spice-devel] [PATCH v2] Add password length check
Cédric Bosdonnat
cbosdonnat at suse.com
Wed Jun 3 07:19:44 PDT 2015
Don't allow setting a too long password.
---
Diff to v1: only kept the admin/user password setting check
server/reds.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/server/reds.c b/server/reds.c
index 6d70b68..5579109 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3503,6 +3503,8 @@ SPICE_GNUC_VISIBLE int spice_server_set_ticket(SpiceServer *s,
taTicket.expiration_time = now + lifetime;
}
if (passwd != NULL) {
+ if (strlen(passwd) > SPICE_MAX_PASSWORD_LENGTH)
+ return -1;
g_strlcpy(taTicket.password, passwd, sizeof(taTicket.password));
} else {
memset(taTicket.password, 0, sizeof(taTicket.password));
--
2.1.4
More information about the Spice-devel
mailing list