Github user astitcher commented on the pull request:
https://github.com/apache/qpid-proton/commit/de3fd617210b5d5a2f2c3e384c33905dbf75ad58#commitcomment-25557336
i can see why you might think the way you do. But actually this is not
correct.
You are assuming that the final string needs to be zero terminated, but
this is incorrect. This code copies the user name from an incoming zero
terminated string, and puts it into a SASL ANONYMOUS frame without it being
terminated. This frame does not use zero terminated strings.
Also note that the original fix was doubly incorrect as it was
strlen(username+1) *with the +1 inside the strlen* this actually allocates 2
characters too few from the point of view of your comment.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
