Bug 708483 - [PATCH] gkd: wrong/unintended size passed to read(2) in read_login_password
Status: RESOLVED FIXED
Product: gnome-keyring
Classification: Core
Component: general
Version: git master
Hardware: Other All
Importance: Normal normal
Assigned To: GNOME keyring maintainer(s)
Reported: 2013-09-20 18:15 UTC by Lars Seipel
Modified: 2013-09-23 15:05 UTC


Attachments
Fix lapse where the login password is read in pointer-sized chunks (786 bytes, patch)
2013-09-20 18:15 UTC, Lars Seipel
committed

Description Lars Seipel 2013-09-20 18:15:28 UTC
Created attachment 255436
Fix lapse where the login password is read in pointer-sized chunks

While casually reading over gnome-keyring code, something caught my eye: in read_login_password (daemon/gkd-main.c) an apparently nonsensical size is passed to read(2).

Read is called with sizeof(buf) as the third argument where the type of buf is gchar*. The consequences in this case are fairly minor: the function reads the login password in pointer-sized increments instead of using the actual capacity of the allocated buffer.

Nevertheless, why not just fix it? Find the patch attached.

Comment 1 Stef Walter 2013-09-23 15:05:25 UTC
Thanks for the patch. Added to git master.
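
The lapse described in this report, as an added C example that is not gnome-keyring code and not the attached patch: a read(2) loop is fed a constructed secret through a pipe, once with the pointer width as the request size and once with the buffer capacity. The names `drain` and `demo`, the 64-byte capacity and the sample secret are assumptions made for the illustration.

```c
/* Added illustration; not gnome-keyring code. Names and sizes are assumptions. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BUF_CAP 64   /* assumed buffer capacity for the demo */

/* Read from fd until EOF or the buffer is full, asking read(2) for at most
 * `chunk` bytes per call. Returns the number of read(2) calls that returned
 * data, or -1 on error. *len receives the number of bytes stored. */
static int drain(int fd, char *buf, size_t cap, size_t chunk, size_t *len)
{
    int calls = 0;
    *len = 0;
    while (*len < cap) {
        size_t want = cap - *len < chunk ? cap - *len : chunk;
        ssize_t r = read(fd, buf + *len, want);
        if (r < 0) return -1;
        if (r == 0) break;           /* EOF */
        *len += (size_t)r;
        calls++;
    }
    return calls;
}

/* Feed a constructed secret through a pipe and drain it with the given chunk. */
static int demo(size_t chunk, size_t *len)
{
    static const char secret[] = "constructed-sample-password"; /* 27 bytes */
    char buf[BUF_CAP];
    int fds[2], calls;
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], secret, sizeof(secret) - 1) != (ssize_t)(sizeof(secret) - 1)) return -1;
    close(fds[1]);
    calls = drain(fds[0], buf, sizeof(buf), chunk, len);
    close(fds[0]);
    if (calls < 0 || *len != sizeof(secret) - 1 || memcmp(buf, secret, *len) != 0) return -1;
    return calls;
}

int main(void)
{
    char *p = NULL;   /* a pointer, as with a heap-allocated buffer */
    size_t n;
    /* sizeof(p) is the pointer width (8 on LP64), not the allocation size. */
    printf("sizeof(pointer)=%zu: %d read calls\n", sizeof(p), demo(sizeof(p), &n));
    printf("capacity=%d: %d read calls\n", BUF_CAP, demo(BUF_CAP, &n));
    return 0;
}
```

Both runs recover the same bytes; the pointer-sized request only multiplies the number of read(2) calls, which matches the report's assessment that the consequences are minor.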