getpass fgets check

Daniel Wainwright wainwright.daniel at gmail.com
Tue Dec 20 07:43:19 UTC 2011


Hi,

I believe there is a simple error in getpass.c, line 80:



  static char buf[PWD_BUFFER_SIZE];

  ...

  /* Read the password.  */
  fgets (buf, PWD_BUFFER_SIZE-1, in);
  if (buf != NULL)

  ...



So the result of fgets is not being checked here, which results in reading the
buffer uninitialised below.

-- 
Regards,

Daniel Wainwright
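
The check described in the report, as an added example that is not part of the original message and is not uClibc source: the reported pattern next to a form that tests the value fgets returns. All function names, BUF_SIZE and the sample input are assumptions made for the illustration. At end-of-file with nothing read, fgets returns NULL and leaves the array unchanged, so the unchecked reader hands back whatever the static buffer held from the previous call.

```c
/* Added example, not uClibc source; all names and BUF_SIZE are hypothetical. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256

/* Pattern from the report: the fgets result is discarded and the array
   address, which is never NULL, is tested instead. */
static char *read_unchecked(FILE *in)
{
    static char buf[BUF_SIZE];
    fgets(buf, BUF_SIZE - 1, in);
    if (buf != NULL)                      /* always true */
        buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

/* Checked form: test what fgets returned; wipe the buffer on failure. */
static char *read_checked(FILE *in)
{
    static char buf[BUF_SIZE];
    if (fgets(buf, sizeof buf, in) == NULL) {
        memset(buf, 0, sizeof buf);
        return NULL;
    }
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

/* Feed a constructed one-line input, then read twice; the second read hits
   end-of-file. Returns 1 if that second read yields the first line again,
   0 if it yields NULL, -1 if the temporary file could not be created. */
int second_read_is_stale(int use_checked)
{
    char *(*rd)(FILE *) = use_checked ? read_checked : read_unchecked;
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs("constructed-secret\n", f);     /* constructed sample input */
    rewind(f);
    rd(f);                                /* first read consumes the line */
    char *second = rd(f);                 /* second read: fgets fails */
    int stale = second != NULL && strcmp(second, "constructed-secret") == 0;
    fclose(f);
    return stale;
}
```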

