From d9786d74db9238d480d65adcc030586b710b6043 Mon Sep 17 00:00:00 2001 From: Andre Heinecke Date: Mon, 24 Nov 2014 10:59:32 +0100 Subject: [PATCH] Remove overzealous validity check for secrets We directly get the length of the secret from the g_variant and use it in a following g_strndup which ensures that the resulting string is terminated. This fixes reading secrets which were stored by system-config-printer. https://bugzilla.gnome.org/show_bug.cgi?id=740612 --- modules/printbackends/cups/gtkcupssecretsutils.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/printbackends/cups/gtkcupssecretsutils.c b/modules/printbackends/cups/gtkcupssecretsutils.c index 895e4bbcdb..7c5f374491 100644 --- a/modules/printbackends/cups/gtkcupssecretsutils.c +++ b/modules/printbackends/cups/gtkcupssecretsutils.c @@ -200,10 +200,9 @@ get_secret_cb (GObject *source_object, g_variant_unref (secret); - if (ba_passwd == NULL || strlen (ba_passwd) > len + 1) + if (ba_passwd == NULL) { - /* No secret or the secret is not a zero terminated value */ - GTK_NOTE (PRINTING, g_print ("Invalid secret.\n")); + GTK_NOTE (PRINTING, g_print ("Invalid / no secret found.\n")); g_variant_unref (s_value); goto fail; } -- 2.30.2