qbit/xenocara
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

xenodm uses the libc authentication layer incorrectly.

Browse Source 
fix by markus or millert
Reported by Qualys
This commit is contained in:
deraadt 2019-12-04 09:53:47 +00:00
parent 5886ab525a
commit ed32a4544c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/xenodm/greeter/verify.c
View File

@ -136,7 +136,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
explicit_bzero(greet->password, passwd_len);
/* Build path of the auth script and call it */
snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style);
auth_call(as, path, style, "-s", "response", greet->name,
auth_call(as, path, style, "-s", "response", "--", greet->name,
lc->lc_class, (void *)NULL);
authok = auth_getstate(as);