apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: svn commit: r107007 - /apr/apr/trunk/CHANGES /apr/apr/trunk/include/apr_lib.h /apr/apr/trunk/passwd/apr_getpass.c
Date Tue, 30 Nov 2004 15:11:02 GMT
On 30 Nov 2004 14:41:33 -0000, trawick@apache.org <trawick@apache.org> wrote:
> apr_password_get(): Fix the check for buffer overflow.
> --- apr/apr/trunk/include/apr_lib.h     (original)
> +++ apr/apr/trunk/include/apr_lib.h     Tue Nov 30 06:41:31 2004
> @@ -168,6 +168,8 @@
>   * @param prompt The prompt to display
>   * @param pwbuf Buffer to store the password
>   * @param bufsize The length of the password buffer.
> + * @remark If the password entered must be truncated to fit in
> + * the provided buffer, APR_ENAMETOOLONG will be returned.
>   */
>  APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf,
>                                             apr_size_t *bufsize);

another disturbance: we force caller to go to the trouble to pass by
address, but we don't update the size on output to indicate either the
number of bytes stored or the number of bytes needed; shrug or "fix"?

Mime
View raw message