[En-Nut-Discussion] Last orders please: All Known Bugs?
Harald Kipp
harald.kipp at egnite.de
Sat Oct 7 12:38:37 CEST 2006
The current implementation of NutRegisterAuth() requires, that the
parameters point to static strings. With most applications, this
is no big deal, but may fail on more complex programs. For example,
this info may be obtained from secondary storage and point to a
buffer, which may disappear.
Without taking Peter's enhanced variants into account, this should
fix the current CVS code:
int NutRegisterAuth(CONST char *dirname, CONST char *login)
{
AUTHINFO *auth;
/* Allocate a new list element. */
if ((auth = NutHeapAlloc(sizeof(AUTHINFO))) != NULL) {
auth->auth_next = authList;
/* Allocate the path component. */
if ((auth->auth_dirname = NutHeapAlloc(strlen(dirname) + 1)) !=
NULL) {
strcpy(auth->auth_dirname, dirname);
/* Allocate the login component. */
if ((auth->auth_login = NutHeapAlloc(strlen(login) + 1)) !=
NULL) {
strcpy(auth->auth_login, login);
/* Success. Add element to the list and return. */
authList = auth;
return 0;
}
/* Allocation failed. */
NutHeapFree(auth->auth_dirname);
}
NutHeapFree(auth);
}
return -1;
}
void NutClearAuth(void)
{
AUTHINFO *auth;
while (authList) {
auth = authList;
authList = auth->auth_next;
NutHeapFree(auth->auth_dirname);
NutHeapFree(auth->auth_login);
NutHeapFree(auth);
}
}
If there are no objections, I'll check it in.
Harald
At 12:12 06.10.2006 +0200, Ole wrote:
>Some time ago (24.08.2006) I added a patch from Peter Sondermanns to
>pro/auth.c to remove authentication data. This patch was added without
>lots of checking. Later on there was a discussion about a possible
>introduced bug and some suggested fixes.
More information about the En-Nut-Discussion
mailing list