greeter crashes on empty username

Bug #1266449 reported by Guido Berhoerster on 2014-01-06
This bug affects 1 person
Affects Status Importance Assigned to Milestone
LightDM GTK+ Greeter
lightdm-gtk-greeter (Debian)

Bug Description

lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not handle the possibility of lightdm_greeter_get_authentication_user() returning NULL when the username of the previous authentication is invalid, i.e. when it was empty, resulting in a NULL pointer dereference in start_authentication().

Guido Berhoerster (gber) wrote :

This is a security issue due to the possibility of a local denial of service. A CVE has been requested at

information type: Public → Public Security
Yves-Alexis Perez (corsac) wrote :

I can confirm on Debian sid with 1.6. Here's a patch against our package, taken from the Suse report. There are other strcmp() which might need checking too.

Sean Davis (bluesabre) wrote :

Thanks everyone, fixed in trunk.

Changed in lightdm-gtk-greeter:
status: New → Fix Committed
milestone: none → 1.7.1
Sean Davis (bluesabre) on 2014-01-21
Changed in lightdm-gtk-greeter:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers