From 22e45bfcea1c30efa433d98f1f0e7b0a99e3e28f Mon Sep 17 00:00:00 2001 From: Jeff Trawick Date: Tue, 30 Nov 2004 14:41:31 +0000 Subject: apr_password_get(): Fix the check for buffer overflow. The input buffer had already been cleared by the time the length of the input buffer was checked, so overflow was never reported. Add a comment about the length checking to the docs. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@107007 13f79535-47bb-0310-9956-ffa450edef68 --- passwd/apr_getpass.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'passwd') diff --git a/passwd/apr_getpass.c b/passwd/apr_getpass.c index 0da9ca426..f30896139 100644 --- a/passwd/apr_getpass.c +++ b/passwd/apr_getpass.c @@ -219,12 +219,14 @@ APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, apr_ #else char *pw_got = getpass(prompt); #endif + apr_status_t rv = APR_SUCCESS; + if (!pw_got) return APR_EINVAL; - apr_cpystrn(pwbuf, pw_got, *bufsiz); - memset(pw_got, 0, strlen(pw_got)); if (strlen(pw_got) >= *bufsiz) { - return APR_ENAMETOOLONG; + rv = APR_ENAMETOOLONG; } - return APR_SUCCESS; + apr_cpystrn(pwbuf, pw_got, *bufsiz); + memset(pw_got, 0, strlen(pw_got)); + return rv; } -- cgit v1.2.1