apr-commits mailing list archives

From wr...@apache.org
Subject cvs commit: apr/passwd apr_getpass.c
Date Sun, 10 Jun 2001 17:48:46 GMT
wrowe       01/06/10 10:48:46

  Modified:    passwd   apr_getpass.c
  Log:
    Even user created buffer overflows are ugly (ever leave something leaning
    on the keyboard :-?)
  
  Revision  Changes    Path
  1.18      +5 -8      apr/passwd/apr_getpass.c
  
  Index: apr_getpass.c
  ===================================================================
  RCS file: /home/cvs/apr/passwd/apr_getpass.c,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- apr_getpass.c	2001/04/12 13:47:51	1.17
  +++ apr_getpass.c	2001/06/10 17:48:46	1.18
  @@ -113,12 +113,8 @@
       static char password[MAX_STRING_LEN];
   
       fputs(prompt, stderr);
  -    gets((char *) &password);
  +    fgets((char *) &password, sizeof(password), stdin);
   
  -    if (strlen((char *) &password) > (MAX_STRING_LEN - 1)) {
  -	password[MAX_STRING_LEN - 1] = '\0';
  -    }
  -
       return (char *) &password;
   }
   
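Review bot: The `fgets` call added here keeps the trailing newline that `gets` used to strip, so the returned password now ends in `\n` unless something outside this hunk removes it. Its return value is also unchecked, so on EOF or a read error the function returns the static buffer with whatever an earlier call left in it. If callers tolerate a NULL return, suggest `if (fgets(password, sizeof(password), stdin) == NULL) return NULL;` followed by `password[strcspn(password, "\n")] = '\0';`. Input longer than the buffer is no longer an overflow, but the excess stays queued on stdin for the next read. The function begins outside this hunk.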
  @@ -140,7 +136,7 @@
       if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr) != 0)
   	    return NULL;
       while ((password[n] = getchar()) != '\n') {
  -        if (password[n] >= ' ' && password[n] <= '~') {
  +        if (n < sizeof(password) - 1 && password[n] >= ' ' && password[n]
<= '~') {
               n++;
           } else {
               fprintf(stderr,"\n");
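Review bot: The loop condition still stores `getchar()` straight into a `char` and only stops on `'\n'`, so EOF on stdin never ends the loop. The EOF value fails the printable test, takes the `else` branch, and `getchar()` returns EOF again on the next pass. Unless the rest of the `else` body (outside this hunk) breaks out, this spins forever with the terminal settings applied by `tcsetattr` still in force. Reading into an `int` first would fix it, e.g. `while ((ch = getchar()) != '\n' && ch != EOF)` with `password[n] = (char) ch;` inside the body. The new bound also sends an over-long but valid character into the same `else` branch as an invalid one, which deserves a comment. If `n` is a signed `int`, `n < sizeof(password) - 1` is a signed/unsigned comparison.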
  @@ -175,7 +171,7 @@
       fputs(prompt, stderr);
       
       while ((password[n] = _getch()) != '\r') {
  -        if (password[n] >= ' ' && password[n] <= '~') {
  +        if (n < sizeof(password) - 1 && password[n] >= ' ' && password[n]
<= '~') {
               n++;
               printf("*");
           }
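Review bot: Once `n` reaches `sizeof(password) - 1`, every further keystroke in this `_getch()` loop is dropped without an echoed `*` or any other feedback. The user can keep typing while only a prefix is kept, and this differs from the `getchar()` loop in the previous hunk, where the same condition falls into an `else` branch that prints a newline. A comment on the condition would make the silent truncation explicit, e.g. `/* input beyond sizeof(password) - 1 is discarded; the result is a truncated prefix */`. The loop and the code that terminates the string lie partly outside this hunk, so the terminator placement should be confirmed against the new bound.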
  @@ -211,7 +207,8 @@
    *
    * Restrictions: Truncation also occurs according to the host system's
    * getpass() semantics, or at position 255 if our own version is used,
  - * but the caller is *not* made aware of it.
  + * but the caller is *not* made aware of it unless their own buffer is
  + * smaller than our own.
    */
   
   APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, size_t *bufsiz)
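Review bot: The reworded restriction says the caller is made aware of truncation when their buffer is smaller than the internal one, but it does not say how. The comment should name the status value `apr_password_get` returns in that case and state whether `pwbuf` is still NUL-terminated and `*bufsiz` updated. The function body is outside this hunk, so the exact value has to be taken from there. "Position 255" is also hard-coded in the text, while the code in the earlier hunks bounds input by `sizeof(password) - 1`. Writing the limit as `MAX_STRING_LEN - 1` would keep the comment correct if that constant changes.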
  
  
  
