I am nearly always in favor of a patch that removes an invocation of strtok. I do think that *password++ = '\0'; is slightly confusing, since it involves dereferencing and pointer arithmetic in an lvalue. For clarity, I would prefer:
*password = '\0';
Though since this of course means the same thing, you may commit whichever you like.
The following patch allows ncat to properly process HTTP digest passwords that are either empty or contain colons.
Please let me know if you have any questions or concerns. Otherwise I will commit the patch in a few weeks.
The text was updated successfully, but these errors were encountered: