mirror of https://github.com/systemd/systemd.git synced 2025-03-19 22:50:17 +03:00

ask-password-api: fix error handling on invalid unicode character

The integer overflow happens when utf8_encoded_valid_unichar() returns an error
code. The error code is a negative number: -22. This overflows when it is
assigned to `z` (type `size_t`). This can cause an infinite loop if the value
of `q` is 22 or larger.

To reproduce the bug, you need to run `systemd-ask-password` and enter an
invalid unicode character, followed by a backspace character.

GHSL-2021-052
Kevin Backhouse 2021-03-12 18:00:56 +01:00 committed by Zbigniew Jędrzejewski-Szmek
parent 495787b56c
commit 37ca78a35c
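
The failure the commit message describes can be reproduced in isolation. The following is an added example, not systemd's code: `toy_valid_unichar()` is a simplified stand-in for `utf8_encoded_valid_unichar()`, and the loop steps after the error check (`q + z >= p`, `q += z`) are assumed, since the page shows only the start of the loop. It shows why the loop hangs only when 22 or more bytes precede the invalid one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NO_TERMINATION ((size_t)-2) /* sentinel: iteration cap reached */
/* Toy stand-in for utf8_encoded_valid_unichar(): byte length of the sequence
 * at s, or -22 if it is invalid. Checks lead and continuation bytes only. */
static int toy_valid_unichar(const unsigned char *s) {
    int len = s[0] < 0x80 ? 1 : (s[0] & 0xE0) == 0xC0 ? 2 :
              (s[0] & 0xF0) == 0xE0 ? 3 : (s[0] & 0xF8) == 0xF0 ? 4 : 0;
    if (len == 0) return -22;
    for (int i = 1; i < len; i++)
        if ((s[i] & 0xC0) != 0x80) return -22;
    return len;
}
/* Constructed input: n ASCII bytes (n < 63), the invalid byte 0xFF, then NUL. */
static const unsigned char *sample(size_t n) {
    static unsigned char buf[64];
    memset(buf, 0, sizeof buf);
    memset(buf, 'a', n);
    buf[n] = 0xFF;
    return buf;
}
/* Pre-fix shape: z is size_t and only 0 counts as an error. cap bounds the demo. */
static size_t last_char_start_buggy(const unsigned char *buf, size_t p, unsigned cap) {
    size_t q = 0;
    while (cap--) {
        size_t z = (size_t) toy_valid_unichar(buf + q); /* -22 -> SIZE_MAX - 21 */
        if (z == 0) return SIZE_MAX;
        if (q + z >= p) return q; /* sum wraps to q - 22 once q >= 22 */
        q += z;                   /* q steps back 22 bytes and the scan repeats */
    }
    return NO_TERMINATION;
}
/* Post-fix shape: z is int and any value <= 0 ends the scan. */
static size_t last_char_start_fixed(const unsigned char *buf, size_t p) {
    size_t q = 0;
    for (;;) {
        int z = toy_valid_unichar(buf + q);
        if (z <= 0) return SIZE_MAX; /* Invalid UTF8! */
        if (q + (size_t) z >= p) return q;
        q += (size_t) z;
    }
}
int main(void) {
    size_t r = last_char_start_buggy(sample(22), 23, 1000);
    printf("pre-fix: %s\n", r == NO_TERMINATION ? "no termination" : "terminates");
    return last_char_start_fixed(sample(22), 23) == SIZE_MAX ? 0 : 1;
}
```

With 21 bytes before the invalid one, the pre-fix loop still terminates, but it returns the offset of the invalid byte as if it were a valid character start.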


@ -581,10 +581,10 @@ int ask_password_tty(
* last one begins */
q = 0;
for (;;) {
size_t z;
int z;
z = utf8_encoded_valid_unichar(passphrase + q, SIZE_MAX);
if (z == 0) {
if (z <= 0) {
q = SIZE_MAX; /* Invalid UTF8! */
break;
}
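
Review bot: the new `int z;` declaration carries no comment saying why it has to stay signed, and a later cleanup that changes it back to `size_t` to match the `SIZE_MAX`-based `q` would quietly undo the fix, because `z <= 0` on an unsigned value only catches zero. A one-line comment at the declaration noting that `utf8_encoded_valid_unichar()` returns a negative error code would pin that down. The `/* Invalid UTF8! */` comment on the `q = SIZE_MAX` line could also mention that the branch now covers the error return as well as 0.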