[elinks-dev] [patch] do_auth_dialog: Fix off-by-one error leading to reads of uninitialized memory.

[Kalle Olavi Niemitalo]

do_auth_dialog: Fix off-by-one error leading to reads of uninitialized memory.

This bug manifested as a junk character at the end of the text in the
authentication dialog.

---
commit 7f872d610a81d978717dfdb1c4f649bf3e8253d7
tree ba370a886387e1da89f1a9c3a16bffc3ab997340
parent 5b260ad69d031d0edf12e17a69b68de8db0bebc8
author Kalle Olavi Niemitalo <kon at iki.fi> Sat, 24 Jun 2006 16:41:16 +0300
committer Kalle Olavi Niemitalo <Kalle at Astalo.kon.iki.fi> Sun, 06 Aug 2006 14:32:17 +0300

 src/protocol/auth/dialogs.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/protocol/auth/dialogs.c b/src/protocol/auth/dialogs.c
index 6c88578..47e10e2 100644
--- a/src/protocol/auth/dialogs.c
+++ b/src/protocol/auth/dialogs.c
@@ -90,7 +90,8 @@ do_auth_dialog(struct session *ses, void
 	if (sticker_len < 0 || sticker_len > MAX_STR_LEN) return;
 
 #define AUTH_WIDGETS_COUNT 5
-	dlg = calloc_dialog(AUTH_WIDGETS_COUNT, sticker_len);
+	/* + 1 to leave room for the '\0'. */
+	dlg = calloc_dialog(AUTH_WIDGETS_COUNT, sticker_len + 1);
 	if (!dlg) return;
 
 	a->blocked = 1;
@@ -99,7 +100,7 @@ #define AUTH_WIDGETS_COUNT 5
 	dlg->layouter = generic_dialog_layouter;
 
 	text = get_dialog_offset(dlg, AUTH_WIDGETS_COUNT);
-	memcpy(text, sticker, sticker_len);
+	memcpy(text, sticker, sticker_len); /* calloc_dialog has stored '\0' */
 
 	dlg->udata = (void *) ses;
 	dlg->udata2 = a;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://linuxfromscratch.org/pipermail/elinks-dev/attachments/20060806/ab41d289/attachment.bin