query_prompt allocated too small
Hello, I believe query_prompt
is allocated one byte too short. (I may have simply misunderstood the API, but I'd still like to suggest this should be NUL
-terminated so it could be used as a native C string.)
https://gitlab.com/oath-toolkit/oath-toolkit/blob/master/pam_oath/pam_oath.c#L207
const char *query_template = "One-time password (OATH) for `%s': ";
size_t len = strlen (query_template) + strlen (user);
/* ... */
query_prompt = malloc (len);
/* ... */
wrote = snprintf (query_prompt, len, query_template, user);
This could be fixed by either malloc(len+1)
or by switching to asprintf(3)
to let the C library handle the memory allocation.
Thanks