> From: Daniel Wainwright <[email protected]>
> To: [email protected]
> Date: 2011/12/20 08:44
> Subject: getpass fgets check
> Sent by: [email protected]
>
> Hi,
>
> I believe there is a simple error in getpass.c, line 80:
>
>
>
>   static char buf[PWD_BUFFER_SIZE];
>
>   ...
>
>   /* Read the password.  */
>   fgets (buf, PWD_BUFFER_SIZE-1, in);
>   if (buf != NULL)
>
>   ...
>
>
>
> So the result of fgets is not being checked here, which results in reading the
> buffer uninitialised below.

Yes, and I think (if max passwd len is important) that it should read
  fgets (buf, PWD_BUFFER_SIZE, in)
as fgets man page says:
       fgets() reads in at most one less than size characters from stream  and
       stores  them  into  the buffer pointed to by s.

 Jocke

_______________________________________________
uClibc mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/uclibc
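
The two points raised in this thread, as an added example that is not part of the original messages or of uClibc's code: the ignored `fgets` result leaves old buffer contents in place at EOF, and passing `PWD_BUFFER_SIZE-1` costs one character of length. The function names, the `stream_from` helper, the buffer size of 8 and the sample strings are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define PWD_BUFFER_SIZE 8  /* constructed: small so the size boundary is visible */

/* Hypothetical helper: a rewound temporary stream holding s. */
static FILE *stream_from(const char *s)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(s, f);
        rewind(f);
    }
    return f;
}

/* Pattern from the quoted snippet: fgets result ignored, size - 1 passed. */
static char *read_pw_unchecked(FILE *in, char *buf)
{
    char *r = fgets(buf, PWD_BUFFER_SIZE - 1, in);
    (void)r;                        /* result dropped; buf itself is never NULL */
    buf[strcspn(buf, "\n")] = '\0';
    return buf;                     /* on EOF: whatever buf held before */
}

/* Checked variant: test what fgets returned and pass the full buffer size. */
static char *read_pw_checked(FILE *in, char *buf)
{
    if (fgets(buf, PWD_BUFFER_SIZE, in) == NULL) {
        buf[0] = '\0';              /* do not leave old contents behind */
        return NULL;
    }
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

int main(void)
{
    char buf[PWD_BUFFER_SIZE] = "old-pw";   /* constructed earlier contents */
    FILE *in = stream_from("");             /* immediate EOF */
    if (in == NULL)
        return 1;
    printf("unchecked: \"%s\"\n", read_pw_unchecked(in, buf));
    printf("checked:   %s\n", read_pw_checked(in, buf) ? buf : "(null)");
    fclose(in);
    return 0;
}
```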
