[K12OSN] ldm login and password that starts with '@'

Norman Gaywood ngaywood at une.edu.au
Thu Mar 1 02:19:46 UTC 2012


Just found an interesting bug in ldm. If you type @ as the first
character of the password, the enter key does not work.

The password of @guest@ or @backend@ will allow the enter key to work
again but the login screen will just go back to the user prompt.

This of course will stop people having @ as the first character of their
password.

Here is the code from ldmgreetercomm.c that I think is going wrong:

int listen_greeter(gchar **buffer, gsize *buflen, gsize *end) {
    while (1) {
        /* Reads data from I/O channel of the greeter */
        GError *ge = NULL;
        if(g_io_channel_read_line(greeterr, buffer, buflen, end, &ge) != G_IO_STATUS_NORMAL) {
            log_entry("ldm",3,"%s", ge->message);
            return 1;
        }

        g_strstrip(*buffer);
        log_entry("ldm",7,"Got command: %s",*buffer);

        /* handle callbacks */
        if (**buffer == '@') {
            if (!g_strncasecmp(*buffer, "@backend@", 9)) {
                ldm_raise_auth_except(AUTH_EXC_RELOAD_BACKEND);
            } else if (!g_strncasecmp(*buffer, "@guest@", 7)) {
                ldm_raise_auth_except(AUTH_EXC_GUEST);
            }
            continue;
        }
        break;
    }
    return 0;
}


I think that continue should not be there.


-- 
Norman Gaywood, Computer Systems Officer
University of New England, Armidale, NSW 2351, Australia

ngaywood at une.edu.au            Phone: +61 (0)2 6773 3337
http://mcs.une.edu.au/~norm    Fax:   +61 (0)2 6773 3312

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
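
The behaviour described in this post, reduced to a stand-alone C model (an added example, not code from ldm or from the post's author). The enum, the function names and the sample lines are hypothetical, strncasecmp stands in for g_strncasecmp, and the two known callbacks are assumed to be handled without handing a line back to the caller.

```c
#include <stdio.h>
#include <stddef.h>
#include <strings.h>   /* strncasecmp: POSIX stand-in for g_strncasecmp */

/* What happens to one line read from the greeter (hypothetical names). */
enum action { ACT_DATA, ACT_GUEST, ACT_RELOAD, ACT_DROPPED };

/* Constructed sample: a password starting with '@', then a later line. */
static const char *const SAMPLE[] = { "@secret", "hunter2" };

/* Same decision as the quoted loop: every line starting with '@' is
 * consumed as a callback, whether or not it is a known one. */
enum action classify_quoted(const char *line) {
    if (line[0] == '@') {
        if (!strncasecmp(line, "@backend@", 9)) return ACT_RELOAD;
        if (!strncasecmp(line, "@guest@", 7))   return ACT_GUEST;
        return ACT_DROPPED;  /* the `continue`: unknown '@' line is discarded */
    }
    return ACT_DATA;
}

/* Variant: only the two known tokens are callbacks, the rest is data. */
enum action classify_known_only(const char *line) {
    if (!strncasecmp(line, "@backend@", 9)) return ACT_RELOAD;
    if (!strncasecmp(line, "@guest@", 7))   return ACT_GUEST;
    return ACT_DATA;
}

/* Index of the first line handed back to the caller, or -1 if the
 * input ends while the loop is still waiting for one. */
int first_delivered(enum action (*classify)(const char *),
                    const char *const *lines, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (classify(lines[i]) == ACT_DATA)
            return (int)i;
    return -1;
}

int main(void) {
    printf("quoted logic delivers line %d, variant delivers line %d\n",
           first_delivered(classify_quoted, SAMPLE, 2),
           first_delivered(classify_known_only, SAMPLE, 2));
    return 0;
}
```

In both versions a line that begins with @guest@ or @backend@ is still taken as a callback, because callbacks and typed input arrive on the same channel.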



