GNOME Bugzilla – Bug 703002
screen sharing password should be limited to 8 chars
Last modified: 2013-06-26 14:23:29 UTC
vino (and vnc protocol) only recognizes the 8 first chars. also, vinagre, gnome vnc client limits its entries to 8 chars as well.
Created attachment 247667 [details] [review] proposed patch
Review of attachment 247667 [details] [review]: Patch looks fine to me, please push to master and gnome-3-8 branches.
(In reply to comment #0) > vino (and vnc protocol) only recognizes the 8 first chars. also, > vinagre, gnome vnc client limits its entries to 8 chars as well. The first 8 bytes or the first 8 utf-8 characters?
8 bytes
Review of attachment 247667 [details] [review]: ::: panels/sharing/sharing.ui @@ +1200,3 @@ <property name="invisible_char_set">True</property> <property name="input_purpose">password</property> + <property name="max_length">8</property> This is the number of characters, not the number of bytes needed to fit those characters. If non-ASCII characters are allowed as a password, then you'll need to restrict the maximum number of characters by checking the byte size.
Created attachment 247813 [details] [review] proposed patch, v2 2nd try, this time blocks the input at 8 bytes, not 8 chars. the plan is to apply this into 3.8 branch as well, so, no new strings.
Review of attachment 247813 [details] [review]: ::: panels/sharing/cc-sharing-panel.c @@ +762,3 @@ + + available_size = MAX_PASSWORD_SIZE - l; + if (available_size == 0) Looks like it doesn't handle me typing 7 bytes then trying to insert a 2 byte character (available_size would be negative).
"l" is the current size (in bytes) of the entry. in your example, 7. available_size would be equal to 1 it would never be less than zero, because the size would never be great than MAX_PASSWORD_SIZE. i've tried here various combinations and it worked fine.
Review of attachment 247813 [details] [review]: ::: panels/sharing/cc-sharing-panel.c @@ +747,3 @@ +screen_sharing_password_insert_text_cb (GtkEditable *editable, + gchar *new_text, + gint new_text_length, Say we have a 2-byte unicode character. @@ +753,3 @@ + int l, available_size; + + l = gtk_entry_buffer_get_bytes (gtk_entry_get_buffer (GTK_ENTRY (editable))); l = 7 bytes. @@ +755,3 @@ + l = gtk_entry_buffer_get_bytes (gtk_entry_get_buffer (GTK_ENTRY (editable))); + + if (l + new_text_length <= MAX_PASSWORD_SIZE) That condition fails. 7 + 2 ! <= 8 fails, and carries on. @@ +761,3 @@ + gtk_widget_error_bell (GTK_WIDGET (editable)); + + available_size = MAX_PASSWORD_SIZE - l; 8 - 7 = 1 @@ +768,3 @@ + (gpointer) screen_sharing_password_insert_text_cb, + user_data); + gtk_editable_insert_text (editable, new_text, available_size, position); And you'll be sending one byte out of the 2 byte of the character here.
Created attachment 247825 [details] [review] proposed patch, v3 3rd try this time I restrict the variable available_size to the value returned by g_utf8_strlen(), which avoids that break in the middle of a multi-byte char.
pushed into master and 3.8