You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@apr.apache.org by wr...@apache.org on 2001/02/12 00:31:04 UTC

cvs commit: apr/include apr_lib.h

wrowe       01/02/11 15:31:04

  Modified:    .        CHANGES
               passwd   apr_getpass.c
               include  apr_lib.h
  Log:
    result(?)  What result?  Stop mauling the size_t arg and overwrite the
    system buffer before returning from apr_password_get, and clean up doc.
  
  Revision  Changes    Path
  1.59      +3 -0      apr/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apr/CHANGES,v
  retrieving revision 1.58
  retrieving revision 1.59
  diff -u -r1.58 -r1.59
  --- CHANGES	2001/02/11 00:12:10	1.58
  +++ CHANGES	2001/02/11 23:31:04	1.59
  @@ -1,5 +1,8 @@
   Changes with APR b1  
   
  +  *) Purge system password buffer before returning from apr_password_get.
  +     No longer abuses bufsize argument on return.  [William Rowe]
  +
     *) Moved the prototypes for apr_snprintf and apr_vsnprintf to the
        apr_strings.h header, from apr_lib.h.  This location makes more
        sense.  [Ryan Bloom]
  
  
  
  1.11      +2 -1      apr/passwd/apr_getpass.c
  
  Index: apr_getpass.c
  ===================================================================
  RCS file: /home/cvs/apr/passwd/apr_getpass.c,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- apr_getpass.c	2001/02/08 07:44:59	1.10
  +++ apr_getpass.c	2001/02/11 23:31:04	1.11
  @@ -220,9 +220,10 @@
       pw_got = getpass(prompt);
       if (strlen(pw_got) > (*bufsiz - 1)) {
   	*bufsiz = ERR_OVERFLOW;
  +        memset(pw_got, 0, strlen(pw_got));
           return APR_ENAMETOOLONG;
       }
       apr_cpystrn(pwbuf, pw_got, *bufsiz);
  -    *bufsiz = result;
  +    memset(pw_got, 0, strlen(pw_got));
       return APR_SUCCESS; 
   }
  
  
  
  1.52      +3 -3      apr/include/apr_lib.h
  
  Index: apr_lib.h
  ===================================================================
  RCS file: /home/cvs/apr/include/apr_lib.h,v
  retrieving revision 1.51
  retrieving revision 1.52
  diff -u -r1.51 -r1.52
  --- apr_lib.h	2001/02/11 00:12:11	1.51
  +++ apr_lib.h	2001/02/11 23:31:04	1.52
  @@ -220,12 +220,12 @@
   /**
    * Display a prompt and read in the password from stdin.
    * @param prompt The prompt to display
  - * @param pwbuf Where to store the password
  - * @param bufsize The length of the password string.
  + * @param pwbuf Buffer to store the password
  + * @param bufsize The length of the password buffer.
    * @deffunc apr_status_t apr_password_get(const char *prompt, char *pwbuf, size_t *bufsize)
    */
   APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, 
  -                                      size_t *bufsize);
  +                                           size_t *bufsize);
   
   #ifdef __cplusplus
   }

Re: cvs commit: apr/include apr_lib.h

Posted by Greg Stein <gs...@lyra.org>.

[ bringing back to list; OtherBill apparently misfired the reply ]

On Sun, Feb 11, 2001 at 09:37:31PM -0600, William A. Rowe, Jr. wrote:
> From: "Greg Stein" <gs...@lyra.org>
> Sent: Sunday, February 11, 2001 8:05 PM
> 
> 
> > > wrowe       01/02/11 15:31:04
> > > 
> > >   Modified:    .        CHANGES
> > >                passwd   apr_getpass.c
> > >                include  apr_lib.h
> > >   Log:
> > >     result(?)  What result?  Stop mauling the size_t arg and overwrite the
> > >     system buffer before returning from apr_password_get, and clean up doc.
> 
> > >    APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, 
> > >   -                                      size_t *bufsize);
> > >   +                                           size_t *bufsize);
> 
> > Um... couldn't that bufsize just be an apr_size_t rather than "size_t *" ??
> > If you aren't going to return a value, then drop the indirection, right?
> 
> Absolutely apr_size_t.  And that is a question, do we want to return the actual
> size needed/used?  I personally don't care, but wasn't going to make that call
> when I was fixing the fn (returned 0 before, rather useless.)  So I'd agree in
> part, either apr_size_t bufsize, or apr_size_t *bufsize returning the size used
> or needed (len as returned by getpass).

I don't think we need to return the size. The caller can always use strlen()
if that is needed.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Re: cvs commit: apr/include apr_lib.h

Posted by Greg Stein <gs...@lyra.org>.

On Sun, Feb 11, 2001 at 11:31:04PM -0000, wrowe@apache.org wrote:
> wrowe       01/02/11 15:31:04
> 
>   Modified:    .        CHANGES
>                passwd   apr_getpass.c
>                include  apr_lib.h
>   Log:
>     result(?)  What result?  Stop mauling the size_t arg and overwrite the
>     system buffer before returning from apr_password_get, and clean up doc.
>...
>   --- apr_lib.h	2001/02/11 00:12:11	1.51
>   +++ apr_lib.h	2001/02/11 23:31:04	1.52
>   @@ -220,12 +220,12 @@
>    /**
>     * Display a prompt and read in the password from stdin.
>     * @param prompt The prompt to display
>   - * @param pwbuf Where to store the password
>   - * @param bufsize The length of the password string.
>   + * @param pwbuf Buffer to store the password
>   + * @param bufsize The length of the password buffer.
>     * @deffunc apr_status_t apr_password_get(const char *prompt, char *pwbuf, size_t *bufsize)
>     */
>    APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, 
>   -                                      size_t *bufsize);
>   +                                           size_t *bufsize);

Um... couldn't that bufsize just be an apr_size_t rather than "size_t *" ??
If you aren't going to return a value, then drop the indirection, right?

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/