apr-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject Re: svn commit: r107007 - /apr/apr/trunk/CHANGES /apr/apr/trunk/include/apr_lib.h /apr/apr/trunk/passwd/apr_getpass.c
Date Wed, 01 Dec 2004 12:46:00 GMT
On Wed, 1 Dec 2004 12:04:14 +0000, Joe Orton <jorton@redhat.com> wrote:
> On Tue, Nov 30, 2004 at 10:11:02AM -0500, Jeff Trawick wrote:
> 
> 
> > On 30 Nov 2004 14:41:33 -0000, trawick@apache.org <trawick@apache.org> wrote:
> > > apr_password_get(): Fix the check for buffer overflow.
> > > --- apr/apr/trunk/include/apr_lib.h     (original)
> > > +++ apr/apr/trunk/include/apr_lib.h     Tue Nov 30 06:41:31 2004
> > > @@ -168,6 +168,8 @@
> > >   * @param prompt The prompt to display
> > >   * @param pwbuf Buffer to store the password
> > >   * @param bufsize The length of the password buffer.
> > > + * @remark If the password entered must be truncated to fit in
> > > + * the provided buffer, APR_ENAMETOOLONG will be returned.
> > >   */
> > >  APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf,
> > >                                             apr_size_t *bufsize);
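Review bot: The new @remark on apr_password_get() says APR_ENAMETOOLONG is returned when the password must be truncated, but it does not say what pwbuf holds in that case. Please state whether the truncated password is stored and NUL-terminated, so a caller knows whether the buffer is safe to read or needs to be cleared on that return. Since bufsize is passed by address, the @param line for bufsize should also say whether *bufsize is modified on return; "The length of the password buffer" reads as input-only while the pointer type suggests an output.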
> >
> > another disturbance: we force caller to go to the trouble to pass by
> > address, but we don't update the size on output to indicate either the
> > number of bytes stored or the number of bytes needed; shrug or "fix"?
> 
> I think "shrug" - any callers might as well call strlen() than rely on a
> future version of the function which updates *bufsize.  I've updated to
> the docco to fix that in stone, hope that's OK.

+1
