[PATCH 2/2] Use correct length in string comparison

From: Timo Juhani Lindfors <timo lindfors iki fi>
To: networkmanager-list gnome org
Subject: [PATCH 2/2] Use correct length in string comparison
Date: Wed, 5 Apr 2017 12:48:42 +0300

This should not be a security issue. Old code just accepted
e.g. "CRV1foo" when only "CRV1:foo" should be parsed.
---
 src/nm-openvpn-service.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 45e71c0..e2a1716 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -652,7 +652,7 @@ parse_challenge (const char *failure_reason, char **challenge_state_id, char **c
        char *colon[4];
        int challenge_len;
 
-       if (!(failure_reason && !strncmp (failure_reason, "CRV1:", 4)))
+       if (!(failure_reason && !strncmp (failure_reason, "CRV1:", 5)))
                return FALSE;
 
        colon[0] = strchr (failure_reason, ':');
-- 
2.1.4

Follow-Ups:
- Re: [PATCH 2/2] Use correct length in string comparison
  - From: Thomas Haller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]