[PATCH v2] Add password length check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Don't allow setting a too long password.
---

 Diff to v1: only kept the admin/user password setting check

 server/reds.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/reds.c b/server/reds.c
index 6d70b68..5579109 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3503,6 +3503,8 @@ SPICE_GNUC_VISIBLE int spice_server_set_ticket(SpiceServer *s,
         taTicket.expiration_time = now + lifetime;
     }
     if (passwd != NULL) {
+        if (strlen(passwd) > SPICE_MAX_PASSWORD_LENGTH)
+            return -1;
         g_strlcpy(taTicket.password, passwd, sizeof(taTicket.password));
     } else {
         memset(taTicket.password, 0, sizeof(taTicket.password));
-- 
2.1.4

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]