This should not be a security issue. Old code just accepted
e.g. "CRV1foo" when only "CRV1:foo" should be parsed.
---
src/nm-openvpn-service.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 45e71c0..e2a1716 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -652,7 +652,7 @@ parse_challenge (const char *failure_reason, char
**challenge_state_id, char **c
char *colon[4];
int challenge_len;
- if (!(failure_reason && !strncmp (failure_reason, "CRV1:", 4)))
+ if (!(failure_reason && !strncmp (failure_reason, "CRV1:", 5)))
return FALSE;
colon[0] = strchr (failure_reason, ':');
--
2.1.4
_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
