aniani/elinks
1
0
Fork 0
mirror of https://github.com/rkd77/elinks.git synced 2024-12-04 14:46:47 -05:00
Code

do_auth_dialog: Fix off-by-one error leading to reads of uninitialized memory.

Browse Source 
This bug manifested as a junk character at the end of the text in the
authentication dialog.
This commit is contained in:
Kalle Olavi Niemitalo 2006-06-24 16:41:16 +03:00 committed by Miciah Dashiel Butler Masters
parent 5b260ad69d
commit ca496aa2dd
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/protocol/auth/dialogs.c
View File

@ -90,7 +90,8 @@ do_auth_dialog(struct session *ses, void *data)
if (sticker_len < 0 || sticker_len > MAX_STR_LEN) return; if (sticker_len < 0 || sticker_len > MAX_STR_LEN) return;
#define AUTH_WIDGETS_COUNT 5 #define AUTH_WIDGETS_COUNT 5
dlg = calloc_dialog(AUTH_WIDGETS_COUNT, sticker_len); /* + 1 to leave room for the '\0'. */
dlg = calloc_dialog(AUTH_WIDGETS_COUNT, sticker_len + 1);
if (!dlg) return; if (!dlg) return;
a->blocked = 1; a->blocked = 1;
@ -99,7 +100,7 @@ do_auth_dialog(struct session *ses, void *data)
dlg->layouter = generic_dialog_layouter; dlg->layouter = generic_dialog_layouter;
text = get_dialog_offset(dlg, AUTH_WIDGETS_COUNT); text = get_dialog_offset(dlg, AUTH_WIDGETS_COUNT);
memcpy(text, sticker, sticker_len); memcpy(text, sticker, sticker_len); /* calloc_dialog has stored '\0' */
dlg->udata = (void *) ses; dlg->udata = (void *) ses;
dlg->udata2 = a; dlg->udata2 = a;