Hi,

On Mon, Nov 15, 2010 at 09:05:43AM +0100, David Sommerseth wrote:
> -  snprintf (to_send, sizeof (to_send), "\x01%c%s%c%s", 
> strlen(creds.username),
> -            creds.username, strlen(creds.password), creds.password);
> +  snprintf (to_send, sizeof (to_send), "\x01%c%s%c%s", (int) 
> strlen(creds.username) & 0xff,
> +            creds.username, (int) strlen(creds.password) & 0xff, 
> creds.password);
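
Review bot: On the two `+` lines, `(int) strlen(...) & 0xff` wraps the length of any username or password longer than 255 bytes, so the byte written by `%c` no longer matches the string that `%s` writes after it and the receiver cannot parse the message. Keep the `(int)` cast for `%c`, drop the mask, and check both lengths against 255 before the `snprintf()` call, returning an error when either is exceeded. The return value of `snprintf()` is also discarded here, so output clipped at `sizeof (to_send)` would go unnoticed; compare it against the buffer size.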

I tend to NAK this.

I'm fine with the "(int)" thingie, but not with the "0xff" part - if
the creds.username/creds.password string is indeed longer than 255 bytes,
the whole message will be unparsable by the receiver, and silent truncation
of the length field is not helping to make the code more readable, nor
does it improve code quality.

So if you want to make sure that the length is <= 255, add a check + error
above the snprintf() block.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
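
A check-then-build version of the message from the quoted patch, as an added example that is not part of the original mail or the project's code. The function names, error codes and sample credentials are hypothetical; the layout is read off the `"\x01%c%s%c%s"` format string.

```c
#include <stdio.h>
#include <string.h>

/* Layout read off the format string in the quoted patch:
 *   0x01 | ulen (1 byte) | username | plen (1 byte) | password
 * build_auth_msg(), masked_len() and the error codes are hypothetical names. */
enum { AUTH_OK = 0, AUTH_ERR_FIELD_TOO_LONG = -1, AUTH_ERR_BUF_TOO_SMALL = -2 };

/* Refuses, instead of truncating, when a field does not fit a one-byte
 * length or the output buffer is too small. */
int build_auth_msg(const char *user, const char *pass,
                   unsigned char *out, size_t out_cap, size_t *out_len)
{
    size_t ulen = strlen(user), plen = strlen(pass);

    if (ulen > 255 || plen > 255)
        return AUTH_ERR_FIELD_TOO_LONG;
    if (3 + ulen + plen > out_cap)
        return AUTH_ERR_BUF_TOO_SMALL;

    unsigned char *p = out;
    *p++ = 0x01;
    *p++ = (unsigned char) ulen;      /* safe: checked <= 255 above */
    memcpy(p, user, ulen); p += ulen;
    *p++ = (unsigned char) plen;
    memcpy(p, pass, plen); p += plen;
    *out_len = (size_t) (p - out);
    return AUTH_OK;
}

/* Length byte the receiver would see if the sender masked with 0xff. */
unsigned masked_len(size_t real_len) { return (unsigned) (real_len & 0xff); }

int main(void)
{
    unsigned char buf[3 + 255 + 255];  /* largest valid message */
    size_t n = 0;
    char long_user[301];               /* constructed 300-byte username */

    memset(long_user, 'a', 300);
    long_user[300] = '\0';
    int rc = build_auth_msg("alice", "s3cret", buf, sizeof buf, &n);
    printf("rc=%d len=%zu\n", rc, n);
    rc = build_auth_msg(long_user, "x", buf, sizeof buf, &n);
    printf("rc=%d, masked length byte would have been %u\n", rc, masked_len(300));
    return 0;
}
```

Writing the length bytes directly also keeps a zero-length field from depending on how `%c` with a NUL value interacts with later string handling.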
