Hi Conrad,
Here, keystr is not zero initialized....
Note that strncpy below does not fill the remainder of the buffer with
nuls if rc->password is shorter than 7 characters.
+ * The client then sends the resulting 16-bytes response.
+ */
+#ifndef NO_OPENSSL
+ strncpy(keystr, rc->password, PASSWD_LENGTH);
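Review bot: The strncpy() call on the last line of this hunk writes exactly PASSWD_LENGTH bytes into keystr, so a password of PASSWD_LENGTH or more characters is silently truncated and leaves keystr with no terminating NUL. If keystr is only ever consumed as a fixed-length key, state that in the comment above the call. If anything later treats it as a C string, size it PASSWD_LENGTH + 1 and set the final byte to '\0' explicitly. A shorter password is zero-padded by strncpy() itself, so this copy does not depend on keystr being initialized beforehand.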
strncpy() is specified to zero-fill if the source is shorter than the
length. Are we missing something?
The other issues you brought up look valid.
later,
Peter.
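
The strncpy() behaviour discussed in this message, as an added example that is not part of the original e-mail or of the FreeBSD code under review. DEMO_KEY_LEN and the demo_* helpers are hypothetical names, the length 8 is an assumption, and the sample passwords are constructed; the 0xAA fill stands in for an uninitialized stack buffer.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_KEY_LEN 8   /* assumed length for this demo, not taken from the patch */

/* Copy a password into a fixed-length key field the way the quoted line does.
 * The field is pre-filled with 0xAA to mimic an uninitialized stack array. */
static void demo_fill_key(unsigned char key[DEMO_KEY_LEN], const char *password)
{
    memset(key, 0xAA, DEMO_KEY_LEN);
    strncpy((char *)key, password, DEMO_KEY_LEN);
}

/* Number of bytes that still hold the 0xAA filler after the copy. */
static int demo_stale_bytes(const char *password)
{
    unsigned char key[DEMO_KEY_LEN];
    int i, stale = 0;

    demo_fill_key(key, password);
    for (i = 0; i < DEMO_KEY_LEN; i++)
        if (key[i] == 0xAA)
            stale++;
    return stale;
}

/* 1 if a NUL byte lies inside the field, 0 if every byte is password data. */
static int demo_has_terminator(const char *password)
{
    unsigned char key[DEMO_KEY_LEN];

    demo_fill_key(key, password);
    return memchr(key, '\0', DEMO_KEY_LEN) != NULL;
}

int main(void)
{
    /* Constructed sample passwords: empty, short, one under, exact, over length. */
    const char *samples[] = { "", "abc", "1234567", "12345678", "a-longer-password" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s stale=%d terminated=%d\n", samples[i],
               demo_stale_bytes(samples[i]), demo_has_terminator(samples[i]));
    return 0;
}
```

Short inputs leave no filler bytes behind, while inputs of DEMO_KEY_LEN or more characters fill the field with no terminator, so such a buffer has to be handled by length rather than as a C string.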