trivial bug in polkit_agent_session_response()
While reading the code to find out what's happening on the interface to the setuid helper, I found this:
response_len = strlen (response);
add_newline = (response[response_len] != '\n');
which will always set add_newline
to TRUE
, since it's actually comparing to the nul terminator byte rather than (as likely intended) the last character in the string.
I don't think there's any security implication, but it's definitely a bug.