[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1

From: Aaron Bentley
Subject: Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1
Date: Sun, 18 Apr 2004 02:54:12 -0400
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4

Matthieu Moy wrote:

address@hidden (James Blackwell) writes:

tla-1.2.1pre1 is available

While talking about a new release,  I've posted a bug and a patch some
time ago about WebDAV, and it doesn't seem to have been applied.

The  code used  to extract  the  password from  the URL  uses a  buggy
implementation of strncpy that just forgets the final '\0'.
The bug makes tla unuseable  with webdav authentication, and the patch
is trivial, so, I think it's worth including it.

strncpy isn't supposed to NUL-terminate the string. The Linux man page reads:

The strncpy() function is similar, except that not more than n bytes of src are copied. Thus, if there is no null byte among the first n bytes of src, the result will not be nullā€terminated.

Perhaps you should NUL-terminate at the call site instead.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]