Merge pull request #1254 from ccvca/fix_passwd_len

Fix password input when MAX_BUFFER_LEN is not 1024 in mosquitto_passwd.c
2019-08-01 10:18:34 +01:00 · 2019-08-01 10:18:34 +01:00 · 07d2504bf5
commit 07d2504bf5
parent 1079a1b697 324ed6be76
1 changed files with 8 additions and 6 deletions
--- a/src/mosquitto_passwd.c
+++ b/src/mosquitto_passwd.c
@ -339,13 +339,15 @@ int gets_quiet(char *s, int len)
 #endif
 }
-int get_password(char *password, int len)
+int get_password(char *password, size_t len)
 {
 	char pw1[MAX_BUFFER_LEN], pw2[MAX_BUFFER_LEN];
 	size_t minLen;
 	minLen = len < MAX_BUFFER_LEN ? len : MAX_BUFFER_LEN;
 	printf("Password: ");
 	fflush(stdout);
-	if(gets_quiet(pw1, MAX_BUFFER_LEN)){
+	if(gets_quiet(pw1, minLen)){
 		fprintf(stderr, "Error: Empty password.\n");
 		return 1;
 	}
@ -353,7 +355,7 @@ int get_password(char *password, int len)
 	printf("Reenter password: ");
 	fflush(stdout);
-	if(gets_quiet(pw2, MAX_BUFFER_LEN)){
+	if(gets_quiet(pw2, minLen)){
 		fprintf(stderr, "Error: Empty password.\n");
 		return 1;
 	}
@ -364,7 +366,7 @@ int get_password(char *password, int len)
 		return 1;
 	}
-	strncpy(password, pw1, len);
+	strncpy(password, pw1, minLen);
 	return 0;
 }
@ -526,7 +528,7 @@ int main(int argc, char *argv[])
 #endif
 	if(create_new){
-		rc = get_password(password, 1024);
+		rc = get_password(password, MAX_BUFFER_LEN);
 		if(rc){
 			free(password_file);
 			return rc;
@ -581,7 +583,7 @@ int main(int argc, char *argv[])
 				/* Update password for individual user */
 				rc = update_pwuser(fptr, ftmp, username, password_cmd);
 			}else{
-				rc = get_password(password, 1024);
+				rc = get_password(password, MAX_BUFFER_LEN);
 				if(rc){
 					fclose(fptr);
 					fclose(ftmp);