|
From: | Aaron Bentley |
Subject: | Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1 |
Date: | Sun, 18 Apr 2004 02:54:12 -0400 |
User-agent: | Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 |
Matthieu Moy wrote:
address@hidden (James Blackwell) writes:tla-1.2.1pre1 is availableWhile talking about a new release, I've posted a bug and a patch some time ago about WebDAV, and it doesn't seem to have been applied. The code used to extract the password from the URL uses a buggyimplementation of strncpy that just forgets the final '\0'.The bug makes tla unuseable with webdav authentication, and the patch is trivial, so, I think it's worth including it.
strncpy isn't supposed to NUL-terminate the string. The Linux man page reads:
The strncpy() function is similar, except that not more than n bytes of src are copied. Thus, if there is no null byte among the first n bytes of src, the result will not be nullāterminated.
Perhaps you should NUL-terminate at the call site instead. Aaron
[Prev in Thread] | Current Thread | [Next in Thread] |