apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject Re: cvs commit: apr/passwd apr_getpass.c
Date Mon, 12 Feb 2001 02:09:04 GMT
On Sun, Feb 11, 2001 at 11:35:07PM -0000, wrowe@apache.org wrote:
>...
>   --- apr_getpass.c	2001/02/11 23:32:11	1.12
>   +++ apr_getpass.c	2001/02/11 23:35:07	1.13
>   @@ -215,12 +215,10 @@
>    APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, size_t
*bufsiz)
>    {
>        char *pw_got = getpass(prompt);
>   -    if (strlen(pw_got) > (*bufsiz - 1)) {
>   -	*bufsiz = ERR_OVERFLOW;
>   -        memset(pw_got, 0, strlen(pw_got));
>   -        return APR_ENAMETOOLONG;
>   -    }
>        apr_cpystrn(pwbuf, pw_got, *bufsiz);
>        memset(pw_got, 0, strlen(pw_got));
>   +    if (strlen(pw_got) >= *bufsiz) {
>   +        return APR_ENAMETOOLONG;
>   +    }
>        return APR_SUCCESS; 
>    }

Would it make sense to not return a partial password, if it is too long? For
example, change the function to:

{
    char *pw_got = getpass(prompt);
    apr_size_t len = strlen(pw_got);

    if (len < bufsize)
        apr_cpystrn(pwbuf, pw_got, bufsize);
    memset(pw_got, 0, len);
    if (len >= bufsize) {
        return APR_ENAMETOOLONG;
    }
    return APR_SUCCESS; 
}


Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Mime
View raw message