On Thu, Sep 12, 2013, at 13:02, Sergei Trofimovich wrote:
> Pass something string size related insteal of 'sizeof(void*)'
> (which might overflow).
>
> Found by gcc 4.8:
> > mod_sftp_pam.c:327:36: warning: argument to ‘sizeof’ in ‘memset’
> > call is the same expression as the destination; did you mean to
> > provide an explicit length? [-Wsizeof-pointer-memaccess]
>
> Signed-off-by: Sergei Trofimovich <sly...@gentoo.org>
> ---
> contrib/mod_sftp_pam.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/contrib/mod_sftp_pam.c b/contrib/mod_sftp_pam.c
> index 0a9de72..ba8f1c5 100644
> --- a/contrib/mod_sftp_pam.c
> +++ b/contrib/mod_sftp_pam.c
> @@ -324,7 +324,7 @@ static int sftppam_driver_open(sftp_kbdint_driver_t
> *driver, const char *user) {
> exit(1);
> }
>
> - memset(sftppam_user, '\0', sizeof(sftppam_user));
> + memset(sftppam_user, '\0', sftppam_userlen);
> sstrncpy(sftppam_user, user, sftppam_userlen);
>
> c = find_config(main_server->conf, CONF_PARAM, "SFTPPAMOptions",
> FALSE);
This patch has been applied to CVS. Thanks!
Cheers,
TJ
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. Consolidate legacy IT systems to a single system of record for IT
2. Standardize and globalize service processes across IT
3. Implement zero-touch automation to replace manual, redundant tasks
http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________
ProFTPD Developers List
<proftpd-de...@proftpd.org>
https://lists.sourceforge.net/lists/listinfo/proftp-devel
