Skip to content
Commit 37ca78a3 authored by Kevin Backhouse's avatar Kevin Backhouse Committed by Zbigniew Jędrzejewski-Szmek
Browse files

ask-password-api: fix error handling on invalid unicode character 

The integer overflow happens when utf8_encoded_valid_unichar() returns an error
code. The error code is a negative number: -22. This overflows when it is
assigned to `z` (type `size_t`). This can cause an infinite loop if the value
of `q` is 22 or larger.

To reproduce the bug, you need to run `systemd-ask-password` and enter an
invalid unicode character, followed by a backspace character.

GHSL-2021-052
parent 495787b5
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment