apr_password_get(): Fix the check for buffer overflow.

The input buffer had already been cleared by the time the length of the input buffer was checked, so overflow was never reported. Add a comment about the length checking to the docs. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@107007 13f79535-47bb-0310-9956-ffa450edef68
author: Jeff Trawick <trawick@apache.org> 2004-11-30 14:41:31 +0000
committer: Jeff Trawick <trawick@apache.org> 2004-11-30 14:41:31 +0000
commit: 22e45bfcea1c30efa433d98f1f0e7b0a99e3e28f (patch)
tree: 117de12864859bdc97a6591353ac10cc46b6ba06 /passwd
parent: e069b8d0f6c579f6c5dfbc8bf0dc76a6e80f0118 (diff)
download: apr-22e45bfcea1c30efa433d98f1f0e7b0a99e3e28f.tar.gz
1 files changed, 6 insertions, 4 deletions
diff --git a/passwd/apr_getpass.c b/passwd/apr_getpass.c
index 0da9ca426..f30896139 100644
--- a/passwd/apr_getpass.c
+++ b/passwd/apr_getpass.c
@@ -219,12 +219,14 @@ APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, apr_
 #else
     char *pw_got = getpass(prompt);
 #endif
+    apr_status_t rv = APR_SUCCESS;
+
     if (!pw_got)
         return APR_EINVAL;
-    apr_cpystrn(pwbuf, pw_got, *bufsiz);
-    memset(pw_got, 0, strlen(pw_got));
     if (strlen(pw_got) >= *bufsiz) {
-        return APR_ENAMETOOLONG;
+        rv = APR_ENAMETOOLONG;
     }
-    return APR_SUCCESS; 
+    apr_cpystrn(pwbuf, pw_got, *bufsiz);
+    memset(pw_got, 0, strlen(pw_got));
+    return rv;
 }
author	Jeff Trawick <trawick@apache.org>	2004-11-30 14:41:31 +0000
committer	Jeff Trawick <trawick@apache.org>	2004-11-30 14:41:31 +0000
commit	22e45bfcea1c30efa433d98f1f0e7b0a99e3e28f (patch)
tree	117de12864859bdc97a6591353ac10cc46b6ba06 /passwd
parent	e069b8d0f6c579f6c5dfbc8bf0dc76a6e80f0118 (diff)
download	apr-22e45bfcea1c30efa433d98f1f0e7b0a99e3e28f.tar.gz