From 324ed6be76d465782a27fddc577b9af03eea0e59 Mon Sep 17 00:00:00 2001
From: Christian von Arnim <christian.vonarnim@gmail.com>
Date: Wed, 1 May 2019 09:56:55 +0200
Subject: [PATCH] Fix password input when MAX_BUFFER_LEN is not 1024 in
 mosquitto_passwd.c

Signed-off-by: Christian von Arnim <christian.vonarnim@gmail.com>
---
 src/mosquitto_passwd.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/mosquitto_passwd.c b/src/mosquitto_passwd.c
index afe3e199..00e048fb 100644
--- a/src/mosquitto_passwd.c
+++ b/src/mosquitto_passwd.c
@@ -339,13 +339,15 @@ int gets_quiet(char *s, int len)
 #endif
 }
 
-int get_password(char *password, int len)
+int get_password(char *password, size_t len)
 {
 	char pw1[MAX_BUFFER_LEN], pw2[MAX_BUFFER_LEN];
+	size_t minLen;
+	minLen = len < MAX_BUFFER_LEN ? len : MAX_BUFFER_LEN;
 
 	printf("Password: ");
 	fflush(stdout);
-	if(gets_quiet(pw1, MAX_BUFFER_LEN)){
+	if(gets_quiet(pw1, minLen)){
 		fprintf(stderr, "Error: Empty password.\n");
 		return 1;
 	}
@@ -353,7 +355,7 @@ int get_password(char *password, int len)
 
 	printf("Reenter password: ");
 	fflush(stdout);
-	if(gets_quiet(pw2, MAX_BUFFER_LEN)){
+	if(gets_quiet(pw2, minLen)){
 		fprintf(stderr, "Error: Empty password.\n");
 		return 1;
 	}
@@ -364,7 +366,7 @@ int get_password(char *password, int len)
 		return 1;
 	}
 
-	strncpy(password, pw1, len);
+	strncpy(password, pw1, minLen);
 	return 0;
 }
 
@@ -526,7 +528,7 @@ int main(int argc, char *argv[])
 #endif
 
 	if(create_new){
-		rc = get_password(password, 1024);
+		rc = get_password(password, MAX_BUFFER_LEN);
 		if(rc){
 			free(password_file);
 			return rc;
@@ -581,7 +583,7 @@ int main(int argc, char *argv[])
 				/* Update password for individual user */
 				rc = update_pwuser(fptr, ftmp, username, password_cmd);
 			}else{
-				rc = get_password(password, 1024);
+				rc = get_password(password, MAX_BUFFER_LEN);
 				if(rc){
 					fclose(fptr);
 					fclose(ftmp);