[Spice-devel] [PATCH v2] Add password length check
Christophe Fergeau
cfergeau at redhat.com
Thu Jun 4 02:20:06 PDT 2015
ACK.
On Wed, Jun 03, 2015 at 04:19:44PM +0200, Cédric Bosdonnat wrote:
> Don't allow setting a too long password.
> ---
>
> Diff to v1: only kept the admin/user password setting check
>
> server/reds.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/server/reds.c b/server/reds.c
> index 6d70b68..5579109 100644
> --- a/server/reds.c
> +++ b/server/reds.c
> @@ -3503,6 +3503,8 @@ SPICE_GNUC_VISIBLE int spice_server_set_ticket(SpiceServer *s,
> taTicket.expiration_time = now + lifetime;
> }
> if (passwd != NULL) {
> + if (strlen(passwd) > SPICE_MAX_PASSWORD_LENGTH)
> + return -1;
> g_strlcpy(taTicket.password, passwd, sizeof(taTicket.password));
> } else {
> memset(taTicket.password, 0, sizeof(taTicket.password));
> --
> 2.1.4
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20150604/94b50d81/attachment.sig>
More information about the Spice-devel
mailing list