greeter crashes on empty username

Bug #1266449 reported by Guido Berhoerster
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
LightDM GTK Greeter
Fix Released
Undecided
Unassigned
lightdm-gtk-greeter (Debian)
New
Undecided
Unassigned

Bug Description

lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not handle the possibility of lightdm_greeter_get_authentication_user() returning NULL when the username of the previous authentication is invalid, i.e. when it was empty, resulting in a NULL pointer dereference in start_authentication().

Revision history for this message
Guido Berhoerster (gber) wrote :

This is a security issue due to the possibility of a local denial of service. A CVE has been requested at
http://thread.gmane.org/gmane.comp.security.oss.general/11812

information type: Public → Public Security
Revision history for this message
Yves-Alexis Perez (corsac) wrote :

I can confirm on Debian sid with 1.6. Here's a patch against our package, taken from the Suse report. There are other strcmp() which might need checking too.

Revision history for this message
Sean Davis (bluesabre) wrote :

Thanks everyone, fixed in trunk.

Changed in lightdm-gtk-greeter:
status: New → Fix Committed
milestone: none → 1.7.1
Sean Davis (bluesabre)
Changed in lightdm-gtk-greeter:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.