apr-commits mailing list archives

From traw...@apache.org
Subject svn commit: r107007 - /apr/apr/trunk/CHANGES /apr/apr/trunk/include/apr_lib.h /apr/apr/trunk/passwd/apr_getpass.c
Date Tue, 30 Nov 2004 14:41:33 GMT
Author: trawick
Date: Tue Nov 30 06:41:31 2004
New Revision: 107007

URL: http://svn.apache.org/viewcvs?view=rev&rev=107007
Log:
apr_password_get(): Fix the check for buffer overflow.

The input buffer had already been cleared by the
time the length of the input buffer was checked,
so overflow was never reported.

Add a comment about the length checking to the docs.

Modified:
   apr/apr/trunk/CHANGES
   apr/apr/trunk/include/apr_lib.h
   apr/apr/trunk/passwd/apr_getpass.c

Modified: apr/apr/trunk/CHANGES
Url: http://svn.apache.org/viewcvs/apr/apr/trunk/CHANGES?view=diff&rev=107007&p1=apr/apr/trunk/CHANGES&r1=107006&p2=apr/apr/trunk/CHANGES&r2=107007
==============================================================================
--- apr/apr/trunk/CHANGES	(original)
+++ apr/apr/trunk/CHANGES	Tue Nov 30 06:41:31 2004
@@ -32,6 +32,8 @@
 
 Changes for APR 1.0.1
 
+  *) apr_password_get(): Fix the check for buffer overflow.  [Jeff Trawick]
+
   *) Fix HUP return codes in pollset when using KQueue.
      [Paul Querna]
 

Modified: apr/apr/trunk/include/apr_lib.h
Url: http://svn.apache.org/viewcvs/apr/apr/trunk/include/apr_lib.h?view=diff&rev=107007&p1=apr/apr/trunk/include/apr_lib.h&r1=107006&p2=apr/apr/trunk/include/apr_lib.h&r2=107007
==============================================================================
--- apr/apr/trunk/include/apr_lib.h	(original)
+++ apr/apr/trunk/include/apr_lib.h	Tue Nov 30 06:41:31 2004
@@ -168,6 +168,8 @@
  * @param prompt The prompt to display
  * @param pwbuf Buffer to store the password
  * @param bufsize The length of the password buffer.
+ * @remark If the password entered must be truncated to fit in
+ * the provided buffer, APR_ENAMETOOLONG will be returned.
  */
 APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, 
                                            apr_size_t *bufsize);
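
Review bot: the new @remark does not say what pwbuf contains when APR_ENAMETOOLONG is returned. Per the apr_getpass.c change in this same commit, apr_cpystrn() still runs on that path, so the buffer holds a truncated copy of the password. The remark should state that explicitly and tell callers to treat the buffer contents as unusable on that return code, since before this revision the function returned APR_SUCCESS in the same situation and existing callers may not check for the error. It would also help to spell out the boundary: the check is strlen(pw_got) >= *bufsiz, so the longest password accepted without error is bufsize - 1 characters.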

Modified: apr/apr/trunk/passwd/apr_getpass.c
Url: http://svn.apache.org/viewcvs/apr/apr/trunk/passwd/apr_getpass.c?view=diff&rev=107007&p1=apr/apr/trunk/passwd/apr_getpass.c&r1=107006&p2=apr/apr/trunk/passwd/apr_getpass.c&r2=107007
==============================================================================
--- apr/apr/trunk/passwd/apr_getpass.c	(original)
+++ apr/apr/trunk/passwd/apr_getpass.c	Tue Nov 30 06:41:31 2004
@@ -219,12 +219,14 @@
 #else
     char *pw_got = getpass(prompt);
 #endif
+    apr_status_t rv = APR_SUCCESS;
+
     if (!pw_got)
         return APR_EINVAL;
-    apr_cpystrn(pwbuf, pw_got, *bufsiz);
-    memset(pw_got, 0, strlen(pw_got));
     if (strlen(pw_got) >= *bufsiz) {
-        return APR_ENAMETOOLONG;
+        rv = APR_ENAMETOOLONG;
     }
-    return APR_SUCCESS; 
+    apr_cpystrn(pwbuf, pw_got, *bufsiz);
+    memset(pw_got, 0, strlen(pw_got));
+    return rv;
 }
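
Review bot: on the APR_ENAMETOOLONG path the apr_cpystrn() call still writes a truncated password into pwbuf, so a caller that ignores the return value goes on to use a shortened secret; consider skipping the copy or setting pwbuf[0] = '\0' when rv is not APR_SUCCESS, or make sure the header documents that the buffer is not valid in that case. Separately, strlen(pw_got) is still evaluated twice, once for the check and once for the memset(). Reading the length once into a local before the comparison and reusing it for the memset() would make the ordering requirement that this commit fixes (the length has to be taken before the buffer is cleared) visible in the code and harder to break again in a later reshuffle.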
