do_auth_dialog: Fix off-by-one error leading to reads of uninitialized memory.
This bug manifested as a junk character at the end of the text in the
authentication dialog.
---
commit 7f872d610a81d978717dfdb1c4f649bf3e8253d7
tree ba370a886387e1da89f1a9c3a16bffc3ab997340
parent 5b260ad69d031d0edf12e17a69b68de8db0bebc8
author Kalle Olavi Niemitalo <[EMAIL PROTECTED]> Sat, 24 Jun 2006 16:41:16 +0300
committer Kalle Olavi Niemitalo <[EMAIL PROTECTED]> Sun, 06 Aug 2006 14:32:17
+0300
src/protocol/auth/dialogs.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/protocol/auth/dialogs.c b/src/protocol/auth/dialogs.c
index 6c88578..47e10e2 100644
--- a/src/protocol/auth/dialogs.c
+++ b/src/protocol/auth/dialogs.c
@@ -90,7 +90,8 @@ do_auth_dialog(struct session *ses, void
if (sticker_len < 0 || sticker_len > MAX_STR_LEN) return;
#define AUTH_WIDGETS_COUNT 5
- dlg = calloc_dialog(AUTH_WIDGETS_COUNT, sticker_len);
+ /* + 1 to leave room for the '\0'. */
+ dlg = calloc_dialog(AUTH_WIDGETS_COUNT, sticker_len + 1);
if (!dlg) return;
a->blocked = 1;
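Review bot: The guard above the new allocation still accepts `sticker_len == MAX_STR_LEN`, and the hunk does not show how `sticker_len` is computed. If it is the return value of an `snprintf`-style call into a `MAX_STR_LEN`-byte buffer (the `< 0` test suggests this, but please confirm), that value means the text was truncated and should probably be rejected with `>=` instead of `>`. The `sticker_len + 1` itself cannot overflow, because the guard bounds the value first. do_auth_dialog's body starts and ends outside the hunk.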
@@ -99,7 +100,7 @@ #define AUTH_WIDGETS_COUNT 5
dlg->layouter = generic_dialog_layouter;
text = get_dialog_offset(dlg, AUTH_WIDGETS_COUNT);
- memcpy(text, sticker, sticker_len);
+ memcpy(text, sticker, sticker_len); /* calloc_dialog has stored '\0' */
dlg->udata = (void *) ses;
dlg->udata2 = a;
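Review bot: The terminating NUL after the copied text is never written in this function. The `memcpy` relies on `calloc_dialog` having zero-filled the extra byte reserved in the first hunk, and only a trailing comment records that dependency. Writing the terminator explicitly with `text[sticker_len] = '\0';` right after the `memcpy` would keep the dialog text terminated even if the allocator stops zeroing or the size argument is changed again. do_auth_dialog's body starts and ends outside the hunk.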
