--- gdm-2.30.7/daemon/gdm-session-worker.c-orig	2012-02-21 20:27:25.469131407 -0600
+++ gdm-2.30.7/daemon/gdm-session-worker.c	2012-02-21 20:52:54.218996258 -0600
@@ -983,11 +983,12 @@ gdm_session_worker_process_pam_message (
         }
 
         if (user_answer != NULL) {
-                /* we strdup and g_free to make sure we return malloc'd
-                 * instead of g_malloc'd memory
+                /* we strndup and g_free to make sure we return malloc'd
+                 * instead of g_malloc'd memory.  PAM_MAX_RESP_SIZE includes
+                 * the '\0' terminating character, thus the "-1".
                  */
                 if (res && response_text != NULL) {
-                        *response_text = strdup (user_answer);
+                        *response_text = strndup (user_answer, PAM_MAX_RESP_SIZE-1);
                 }
 
                 memset (user_answer, '\0', strlen (user_answer));