https://issues.apache.org/bugzilla/show_bug.cgi?id=55696
--- Comment #12 from Christopher Schultz <ch...@christopherschultz.net> --- Konstantin, Yeah, sorry about the tabs. I used vi in stupid-mode. I'll get close cleaned-up before a commit. As for the stncpy, I was originally thinking that an int couldn't be longer than a few characters, but on further reflection, it doesn't matter: instead, its the user input that must be fewer than 100 characters if this isn't going to fail. I decided to use strncpy because the existing code used strcpy which was IMO even worse. I was thinking I might make a bigger change to use strtol() and actually look at the value of 'endptr' after the call. I didn't want a patch that made too many changes at once. Before my patch, the strcpy was happening *after* the use of len. I'll clean that up, too. Using strtol (instead of atoi) will do a better job of detecting problems with the actual "value" coming from the user. Right now, if you say worker.port=abc, then atoi will return an undefined value (probably 0) for that configuration option. I'll fix the other stuff and then look at using strtol. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org