[gdm] When providing data to PAM, use strndup with "PAM_MAX_RESP_SIZE - 1" and make sure the last characte

[Brian Cameron <bcameron src gnome org>]

commit dc1797c436b4552324a2dfc41fca9a85c674ae7a
Author: Brian Cameron <brian cameron oracle com>
Date:   Fri Jun 22 09:36:46 2012 -0500

    When providing data to PAM, use strndup with "PAM_MAX_RESP_SIZE - 1"
    and make sure the last character is a '\0'.

 daemon/gdm-session-worker.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
index 449e7d1..1e1cf37 100644
--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -860,11 +860,13 @@ gdm_session_worker_process_pam_message (GdmSessionWorker          *worker,
         }
 
         if (user_answer != NULL) {
-                /* we strdup and g_free to make sure we return malloc'd
-                 * instead of g_malloc'd memory
+                /* we strndup and g_free to make sure we return malloc'd
+                 * instead of g_malloc'd memory.  PAM_MAX_RESP_SIZE includes
+                 * the '\0' terminating character, thus the "- 1".
                  */
                 if (res && response_text != NULL) {
-                        *response_text = strdup (user_answer);
+                        *response_text = strndup (user_answer, PAM_MAX_RESP_SIZE - 1);
+                        (*response_text)[PAM_MAX_RESP_SIZE - 1] = '\0';
                 }
 
                 memset (user_answer, '\0', strlen (user_answer));