apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject Re: cvs commit: apr/passwd apr_getpass.c
Date Mon, 12 Feb 2001 04:12:33 GMT
[ bringing back to list; OtherBill apparently misfired the reply ]

On Sun, Feb 11, 2001 at 09:42:02PM -0600, William A. Rowe, Jr. wrote:
> From: "Greg Stein" <gstein@lyra.org>
> Sent: Sunday, February 11, 2001 8:09 PM
> > 
> > Would it make sense to not return a partial password, if it is too long? For
> > example, change the function to:
> > 
> >     if (len < bufsize)
> >         apr_cpystrn(pwbuf, pw_got, bufsize);
> >     memset(pw_got, 0, len);
> >     if (len >= bufsize) {
> >         return APR_ENAMETOOLONG;
> >     }
> 
> six of one, half dozen of the other to me.  But we need to document the behavior
> (I believe it implies that we return partial results, which is why I fixed the
> code the way that I did.)

If the password was incomplete, then it will be useless. It just means that 
we'll end up with a (partial) copy of the password sitting in memory for no 
purpose. I'm up for not copying it unless we have a valid one.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Mime
View raw message