apr_password_get(): Fix the check for buffer overflow.

The input buffer had already been cleared by the time the length of the input buffer was checked, so overflow was never reported. Add a comment about the length checking to the docs. git-svn-id: http://svn.apache.org/repos/asf/apr/apr/trunk@107007 13f79535-47bb-0310-9956-ffa450edef68
author: trawick <trawick@13f79535-47bb-0310-9956-ffa450edef68> 2004-11-30 14:41:31 +0000
committer: trawick <trawick@13f79535-47bb-0310-9956-ffa450edef68> 2004-11-30 14:41:31 +0000
commit: 9fb8875cd01836b446ae744064e96a9d0ae77a5e (patch)
tree: 117de12864859bdc97a6591353ac10cc46b6ba06 /passwd
parent: 933e9dbcba38ef3e172edababdc87c4b8fdf9b6e (diff)
download: libapr-9fb8875cd01836b446ae744064e96a9d0ae77a5e.tar.gz
1 files changed, 6 insertions, 4 deletions
diff --git a/passwd/apr_getpass.c b/passwd/apr_getpass.c
index 0da9ca426..f30896139 100644
--- a/passwd/apr_getpass.c
+++ b/passwd/apr_getpass.c
@@ -219,12 +219,14 @@ APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, apr_
 #else
     char *pw_got = getpass(prompt);
 #endif
+    apr_status_t rv = APR_SUCCESS;
+
     if (!pw_got)
         return APR_EINVAL;
-    apr_cpystrn(pwbuf, pw_got, *bufsiz);
-    memset(pw_got, 0, strlen(pw_got));
     if (strlen(pw_got) >= *bufsiz) {
-        return APR_ENAMETOOLONG;
+        rv = APR_ENAMETOOLONG;
     }
-    return APR_SUCCESS; 
+    apr_cpystrn(pwbuf, pw_got, *bufsiz);
+    memset(pw_got, 0, strlen(pw_got));
+    return rv;
 }
author	trawick <trawick@13f79535-47bb-0310-9956-ffa450edef68>	2004-11-30 14:41:31 +0000
committer	trawick <trawick@13f79535-47bb-0310-9956-ffa450edef68>	2004-11-30 14:41:31 +0000
commit	9fb8875cd01836b446ae744064e96a9d0ae77a5e (patch)
tree	117de12864859bdc97a6591353ac10cc46b6ba06 /passwd
parent	933e9dbcba38ef3e172edababdc87c4b8fdf9b6e (diff)
download	libapr-9fb8875cd01836b446ae744064e96a9d0ae77a5e.tar.gz