From ca496aa2dd890a8ab3c471ebde903904c7dd423e Mon Sep 17 00:00:00 2001
From: Kalle Olavi Niemitalo
Date: Sat, 24 Jun 2006 16:41:16 +0300
Subject: [PATCH] do_auth_dialog: Fix off-by-one error leading to reads of uninitialized memory.
This bug manifested as a junk character at the end of the text in the authentication dialog.
---
 src/protocol/auth/dialogs.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/protocol/auth/dialogs.c b/src/protocol/auth/dialogs.c
index 6c885788b..47e10e2a5 100644
--- a/src/protocol/auth/dialogs.c
+++ b/src/protocol/auth/dialogs.c
@@ -90,7 +90,8 @@ do_auth_dialog(struct session *ses, void *data)
 if (sticker_len < 0 || sticker_len > MAX_STR_LEN) return;
 #define AUTH_WIDGETS_COUNT 5
- dlg = calloc_dialog(AUTH_WIDGETS_COUNT, sticker_len);
+ /* + 1 to leave room for the '\0'. */
+ dlg = calloc_dialog(AUTH_WIDGETS_COUNT, sticker_len + 1);
 if (!dlg) return;
 a->blocked = 1;
@@ -99,7 +100,7 @@ do_auth_dialog(struct session *ses, void *data)
 dlg->layouter = generic_dialog_layouter;
 text = get_dialog_offset(dlg, AUTH_WIDGETS_COUNT);
- memcpy(text, sticker, sticker_len);
+ memcpy(text, sticker, sticker_len); /* calloc_dialog has stored '\0' */
 dlg->udata = (void *) ses;
 dlg->udata2 = a;
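Review bot: The `+ 1` at the `calloc_dialog` call repairs this caller only, and the new comment does not say that the terminator byte is expected to come from the helper zero-filling the extra space. If other callers pass a bare string length as the second argument they would presumably read one byte past their text in the same way; that cannot be confirmed from this hunk, so it is worth auditing them. I would widen the comment to `/* + 1 for the '\0'; relies on calloc_dialog zero-filling the extra space. */`. do_auth_dialog begins and ends outside the hunk.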
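Review bot: The string terminator after the `memcpy` is implicit: it exists only because the allocation in the earlier hunk asked for `sticker_len + 1` bytes and calloc_dialog is assumed to zero them, which is not visible here. Writing it at the point of use, `text[sticker_len] = '\0';` directly after the copy, keeps the dialog text terminated even if the helper's zeroing behaviour changes, and makes the size requirement obvious to whoever edits the allocation next. The trailing comment could then be dropped. The function body continues outside the hunk.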