Evan Huus
changed
bug 8600
| What |
Removed |
Added |
| Status |
UNCONFIRMED
|
INCOMPLETE
|
| CC |
|
[email protected]
|
| Ever confirmed |
|
1
|
Comment # 7
on bug 8600
from Evan Huus
(In reply to comment #6)
> Hi,
>
> (In reply to comment #5)
> > Created attachment 10656 [details]
> > Decode PLAIN mechs username and password
>
> 859 length_user1 = strlen(decrypt);
> 860 if (returncode >= (length_user1 + 1)) {
>
> This check is still unsafe, please write something like:
Why? epan_base64_decode null-terminates the decoded string. It's off-by-one, I
think, since the length returned by epan_base64_decode includes the
null-terminator it appends, but the form is sound.
(This confusion is probably my fault, since I implied on -dev that
epan_base64_decode didn't null-terminate. I was wrong.)
On an unrelated note, why do you keep calling col_append_sep_fstr with an
empty-string for a separator? Why not just call col_append_fstr?
You are receiving this mail because:
- You are watching all bug changes.