From mboxrd@z Thu Jan  1 00:00:00 1970
From: Chris Webb <chris@arachsys.com>
Subject: [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars
Date: Sun, 23 Nov 2008 11:31:47 +0000
Message-ID: <20081123113147.GA12832@arachsys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: kvm@vger.kernel.org
To: qemu-devel@nongnu.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from alpha.arachsys.com ([91.203.57.7]:43926 "EHLO
	alpha.arachsys.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1757086AbYKWLbx (ORCPT <rfc822;kvm@vger.kernel.org>);
	Sun, 23 Nov 2008 06:31:53 -0500
Content-Disposition: inline
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Fix off-by-one bug limiting VNC passwords to 7 characters instead of 8

monitor_readline expects buf_size to include the terminating \0, but
do_change_vnc in monitor.c calls it as though it doesn't. The other site
where monitor_readline reads a password (in vl.c) passes the buffer length
correctly.

Signed-off-by: Chris Webb <chris@arachsys.com>
---
 monitor.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/monitor.c b/monitor.c
index 22360fc..6ae5729 100644
--- a/monitor.c
+++ b/monitor.c
@@ -433,7 +433,7 @@ static void do_change_vnc(const char *target)
     if (strcmp(target, "passwd") == 0 ||
 	strcmp(target, "password") == 0) {
 	char password[9];
-	monitor_readline("Password: ", 1, password, sizeof(password)-1);
+	monitor_readline("Password: ", 1, password, sizeof(password));
 	password[sizeof(password)-1] = '\0';
 	if (vnc_display_password(NULL, password) < 0)
 	    term_printf("could not set VNC server password\n");