Re: Re[2]: 'password' command in GRUB 2?

From: Vladimir 'phcoder' Serbinenko
Subject: Re: Re[2]: 'password' command in GRUB 2?
Date: Fri, 21 Aug 2009 13:30:14 +0200

>> +grub_err_t
>> +grub_auth_check_authentication (const char *userlist)
>> +{
>> +  char login[1024] = {0};
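Review bot: `char login[1024] = {0};` fixes the user-name buffer at 1024 bytes on the stack, and the call that fills it is not in this quoted fragment. Because this sits in the authentication path, the read into `login` should be bounded by `sizeof (login)`, with over-long input rejected or truncated explicitly and a comment on the declaration stating why the limit exists. If the buffer is switched to heap allocation instead, the allocation failure needs its own error return before anything is compared against `userlist`.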
> Please avoid arbitrary limits.  If the grub_cmdline_get() API is enforcing
> them, then this function is wrong and should be using malloc() instead (like,
> say, getline() or asprintf() do).

If a user has a username longer than 1K, it can only mean that he is
trying to execute a buffer overflow.

New patch. This time with the password command (plaintext).
Beware that I haven't reread the patch myself yet, and until I do so AND
it's reviewed by other people it can't pretend to be secure.

Vladimir 'phcoder' Serbinenko

Personal git repository:

Attachment: auth.diff
Description: Text document