[gnutls-devel] GnuTLS | p11tool: fix admin user PIN initialization (!776)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Oct 19 10:10:52 CEST 2018


Tim Rühsen commented on a discussion on src/common.c:

> +	size_t len;
> +
> +	tmp = getpass(prompt);
> +	if (tmp == NULL) {
> +		pass[0] = 0;
> +		return;
> +	}
> +
> +	len = strlen(tmp);
> +	if (len >= max_pass_size) {
> +		pass[0] = 0;
> +		return;
> +	}
> +
> +	strcpy(pass, tmp);
> +	gnutls_memset(pass, 0, len);

Maybe nitpicking, but why not zero out `tmp` when `if (len >= max_pass_size) {` ?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/776#note_110170955
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181019/3a7e0d69/attachment-0001.html>


More information about the Gnutls-devel mailing list