From 872f2d32d979a1dd2145667487f170fec8b5189a Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 14 Nov 2011 11:31:37 -0500 Subject: RESPONDER: Ensure that all input strings are valid UTF-8 --- src/responder/pam/pamsrv_cmd.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/responder/pam/pamsrv_cmd.c') diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 1d2a2a58e..18ba3fdf3 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -70,6 +70,11 @@ static int extract_string(char **var, size_t size, uint8_t *body, size_t blen, if (str[size-1]!='\0') return EINVAL; + /* If the string isn't valid UTF-8, fail */ + if (!sss_utf8_check(str, size)) { + return EINVAL; + } + *c += size; *var = (char *) str; -- cgit