Posted to dev@apr.apache.org by Greg Stein <gs...@lyra.org> on 2001/02/12 03:09:04 UTC
Re: cvs commit: apr/passwd apr_getpass.c
On Sun, Feb 11, 2001 at 11:35:07PM -0000, wrowe@apache.org wrote:
>...
> --- apr_getpass.c 2001/02/11 23:32:11 1.12
> +++ apr_getpass.c 2001/02/11 23:35:07 1.13
> @@ -215,12 +215,10 @@
> APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, size_t *bufsiz)
> {
> char *pw_got = getpass(prompt);
> - if (strlen(pw_got) > (*bufsiz - 1)) {
> - *bufsiz = ERR_OVERFLOW;
> - memset(pw_got, 0, strlen(pw_got));
> - return APR_ENAMETOOLONG;
> - }
> apr_cpystrn(pwbuf, pw_got, *bufsiz);
> memset(pw_got, 0, strlen(pw_got));
> + if (strlen(pw_got) >= *bufsiz) {
> + return APR_ENAMETOOLONG;
> + }
> return APR_SUCCESS;
> }
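Review bot: the added `if (strlen(pw_got) >= *bufsiz)` test runs after `memset(pw_got, 0, strlen(pw_got))`, so by then strlen(pw_got) is 0 and APR_ENAMETOOLONG can only be returned when *bufsiz is 0. An over-long password is therefore truncated into pwbuf by apr_cpystrn and reported as APR_SUCCESS. Save the length in a local before the copy and the wipe, and compare that saved value against *bufsiz.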
Would it make sense to not return a partial password, if it is too long? For
example, change the function to:
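{
    char *pw_got = getpass(prompt);
    apr_size_t len = strlen(pw_got);   /* measure before the buffer is wiped */

    /* copy only when the whole password fits; never hand back a partial one */
    if (len < *bufsiz)
        apr_cpystrn(pwbuf, pw_got, *bufsiz);
    memset(pw_got, 0, len);            /* clear the plaintext left in pw_got */
    if (len >= *bufsiz) {
        return APR_ENAMETOOLONG;
    }
    return APR_SUCCESS;
}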
Cheers,
-g
--
Greg Stein, http://www.lyra.org/
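
The two orderings discussed in this thread, run side by side on a too-long input, as an added example that is not part of the original message or of APR. `fake_tty`, `copy_bounded`, `OK`/`ETOOLONG` and the two `get_*` functions are hypothetical stand-ins for getpass(), apr_cpystrn(), the APR status codes and apr_password_get(), so it builds without APR or a terminal.

```c
#include <stdio.h>
#include <string.h>
enum { OK = 0, ETOOLONG = 1 };   /* stand-ins for APR_SUCCESS / APR_ENAMETOOLONG */
static char fake_tty[64];        /* plays the buffer that getpass() returns */

/* Bounded copy that always NUL-terminates (the role apr_cpystrn plays above). */
static void copy_bounded(char *dst, const char *src, size_t dstsize)
{
    size_t n = strlen(src);
    if (dstsize == 0) return;
    if (n > dstsize - 1) n = dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Order of operations in revision 1.13: copy, wipe, then measure. */
static int get_check_after_wipe(const char *typed, char *pwbuf, size_t bufsiz)
{
    char *pw_got = fake_tty;
    copy_bounded(pw_got, typed, sizeof fake_tty);
    copy_bounded(pwbuf, pw_got, bufsiz);
    memset(pw_got, 0, strlen(pw_got));
    if (strlen(pw_got) >= bufsiz)     /* pw_got is "" by now: length is 0 */
        return ETOOLONG;
    return OK;
}

/* Order suggested in the reply: measure once, copy only if it fits, wipe. */
static int get_measure_first(const char *typed, char *pwbuf, size_t bufsiz)
{
    char *pw_got = fake_tty;
    copy_bounded(pw_got, typed, sizeof fake_tty);
    size_t len = strlen(pw_got);
    if (len < bufsiz)
        copy_bounded(pwbuf, pw_got, bufsiz);
    memset(pw_got, 0, len);
    return len >= bufsiz ? ETOOLONG : OK;
}

int main(void)
{
    char a[8] = "", b[8] = "";
    const char *typed = "correcthorsebattery";   /* constructed 19-char input */
    int ra = get_check_after_wipe(typed, a, sizeof a);
    int rb = get_measure_first(typed, b, sizeof b);
    printf("check after wipe: rc=%d pwbuf=\"%s\"\n", ra, a);
    printf("measure first:    rc=%d pwbuf=\"%s\"\n", rb, b);
    return 0;
}
```

With the 8-byte buffer, the first variant reports success with the truncated "correct" in pwbuf, while the second returns the error and leaves pwbuf empty.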