diff options
author | Jeff Trawick <trawick@apache.org> | 2004-11-30 14:41:31 +0000 |
---|---|---|
committer | Jeff Trawick <trawick@apache.org> | 2004-11-30 14:41:31 +0000 |
commit | 22e45bfcea1c30efa433d98f1f0e7b0a99e3e28f (patch) | |
tree | 117de12864859bdc97a6591353ac10cc46b6ba06 /passwd/apr_getpass.c | |
parent | e069b8d0f6c579f6c5dfbc8bf0dc76a6e80f0118 (diff) | |
download | apr-22e45bfcea1c30efa433d98f1f0e7b0a99e3e28f.tar.gz |
apr_password_get(): Fix the check for buffer overflow.
The input buffer had already been cleared by the
time the length of the input buffer was checked,
so overflow was never reported.
Add a comment about the length checking to the docs.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@107007 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'passwd/apr_getpass.c')
-rw-r--r-- | passwd/apr_getpass.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/passwd/apr_getpass.c b/passwd/apr_getpass.c index 0da9ca426..f30896139 100644 --- a/passwd/apr_getpass.c +++ b/passwd/apr_getpass.c @@ -219,12 +219,14 @@ APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, apr_ #else char *pw_got = getpass(prompt); #endif + apr_status_t rv = APR_SUCCESS; + if (!pw_got) return APR_EINVAL; - apr_cpystrn(pwbuf, pw_got, *bufsiz); - memset(pw_got, 0, strlen(pw_got)); if (strlen(pw_got) >= *bufsiz) { - return APR_ENAMETOOLONG; + rv = APR_ENAMETOOLONG; } - return APR_SUCCESS; + apr_cpystrn(pwbuf, pw_got, *bufsiz); + memset(pw_got, 0, strlen(pw_got)); + return rv; } |