summaryrefslogtreecommitdiffstats
path: root/x11/gdm/files/patch-gui_simple-greeter_gdm-user.c
diff options
context:
space:
mode:
authorkwm <kwm@df743ca5-7f9a-e211-a948-0013205c9059>2011-06-02 19:58:25 +0800
committerkwm <kwm@df743ca5-7f9a-e211-a948-0013205c9059>2011-06-02 19:58:25 +0800
commite8bf40e496dbf74e2ee91a95bf04886ad32a23f4 (patch)
tree26558e38dafffdf2318eb68bd26e54a98fb1d67a /x11/gdm/files/patch-gui_simple-greeter_gdm-user.c
parent6c90da75235f2adc2c2cf2c590fb85459cdde03a (diff)
downloadmarcuscom-ports-e8bf40e496dbf74e2ee91a95bf04886ad32a23f4.tar.gz
marcuscom-ports-e8bf40e496dbf74e2ee91a95bf04886ad32a23f4.tar.zst
marcuscom-ports-e8bf40e496dbf74e2ee91a95bf04886ad32a23f4.zip
Backport fix for CVE-2011-1709 from the 2.32.2 release.
As I understand it this only happens with GLib 2.28. git-svn-id: svn://creme-brulee.marcuscom.com/ports/trunk@16019 df743ca5-7f9a-e211-a948-0013205c9059
Diffstat (limited to 'x11/gdm/files/patch-gui_simple-greeter_gdm-user.c')
-rw-r--r--x11/gdm/files/patch-gui_simple-greeter_gdm-user.c34
1 files changed, 34 insertions, 0 deletions
diff --git a/x11/gdm/files/patch-gui_simple-greeter_gdm-user.c b/x11/gdm/files/patch-gui_simple-greeter_gdm-user.c
new file mode 100644
index 000000000..e5fb649c6
--- /dev/null
+++ b/x11/gdm/files/patch-gui_simple-greeter_gdm-user.c
@@ -0,0 +1,34 @@
+--- gui/simple-greeter/gdm-user.c.orig 2009-12-16 17:52:36.000000000 -0500
++++ gui/simple-greeter/gdm-user.c 2009-12-18 21:43:38.000000000 -0500
+@@ -425,6 +425,7 @@ _gdm_user_update (GdmUser *u
+ /* Display Name */
+ if (pwent->pw_gecos && pwent->pw_gecos[0] != '\0') {
+ gchar *first_comma = NULL;
++ gchar *ampersand;
+ gchar *valid_utf8_name = NULL;
+
+ if (g_utf8_validate (pwent->pw_gecos, -1, NULL)) {
+@@ -449,6 +450,23 @@ _gdm_user_update (GdmUser *u
+ g_free (real_name);
+ real_name = NULL;
+ }
++
++ while (real_name != NULL && (ampersand = strchr (real_name, '&')) != NULL) {
++ gchar *temp_real_name1;
++ gchar *temp_real_name2;
++ gchar *temp_name;
++
++ temp_real_name1 = g_strndup (real_name,
++ (ampersand - real_name));
++ temp_real_name2 = g_strdup (ampersand + 1);
++ temp_name = g_strdup (pwent->pw_name);
++ temp_name[0] = toupper (temp_name[0]);
++ g_free (real_name);
++ real_name = g_strdup_printf ("%s%s%s", temp_real_name1, temp_name, temp_real_name2);
++ g_free (temp_real_name1);
++ g_free (temp_real_name2);
++ g_free (temp_name);
++ }
+ } else {
+ real_name = NULL;
+ }