Re: Re[2]: 'password' command in GRUB 2?

[Vladimir 'phcoder' Serbinenko]

Updated. one bug fixed and now compileable with Apple's CC

On Fri, Aug 21, 2009 at 1:30 PM, Vladimir 'phcoder'
Serbinenko<address@hidden> wrote:
>>
>>> +grub_err_t
>>> +grub_auth_check_authentication (const char *userlist)
>>> +{
>>> +  char login[1024] = {0};
>>
>> Please avoid arbitrary limits.  If the grub_cmdline_get() API is enforcing
>> them, then this function is wrong and should be using malloc() instead (like,
>> say, getline() or asprintf() do).
>>
>
> If user has a username longer than 1K it can mean only that he is
> trying to execute buffer overflow.
>
> New patch. This time with password command (plaintext).
> Beware that I haven't reread patch myself yet and until I do so AND
> it's reviewed by other people it can't pretend to be secure.
>
> --
> Regards
> Vladimir 'phcoder' Serbinenko
>
> Personal git repository: http://repo.or.cz/w/grub2/phcoder.git
>



-- 
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git

auth.diff
Description: Text document