[ bringing back to list; OtherBill apparently misfired the reply ]
On Sun, Feb 11, 2001 at 09:42:02PM -0600, William A. Rowe, Jr. wrote:
> From: "Greg Stein" <[EMAIL PROTECTED]>
> Sent: Sunday, February 11, 2001 8:09 PM
> >
> > Would it make sense to not return a partial password, if it is too long? For
> > example, change the function to:
> >
> > if (len < bufsize)
> > apr_cpystrn(pwbuf, pw_got, bufsize);
> > memset(pw_got, 0, len);
> > if (len >= bufsize) {
> > return APR_ENAMETOOLONG;
> > }
>
> six of one, half dozen of the other to me. But we need to document the
> behavior
> (I believe it implies that we return partial results, which is why I fixed the
> code the way that I did.)
If the password was incomplete, then it will be useless. It just means that
we'll end up with a (partial) copy of the password sitting in memory for no
purpose. I'm up for not copying it unless we have a valid one.
Cheers,
-g
--
Greg Stein, http://www.lyra.org/
