getpass fgets check

Daniel Wainwright wainwright.daniel at
Tue Dec 20 07:43:19 UTC 2011


I believe there is a simple error in getpass.c, line 80:

  static char buf[PWD_BUFFER_SIZE];


  /* Read the password.  */
  fgets (buf, PWD_BUFFER_SIZE-1, in);
  if (buf != NULL)


So the result of fgets is not being checked here, which results in reading the
buffer uninitialised below.


Daniel Wainwright
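
Added example, not part of the original post and not uClibc's code: a stand-alone C model of the pattern quoted above, next to a version that tests what fgets returned. The function names, the shared `pwbuf`, its size and the sample password are constructed for illustration. It relies on the C standard's rule that fgets leaves the array unchanged when it reaches end-of-file before reading any character.

```c
#include <stdio.h>
#include <string.h>

#define PWD_BUFFER_SIZE 256          /* assumed size, for illustration */
static char pwbuf[PWD_BUFFER_SIZE];  /* static: contents survive between calls */

/* Pattern from the post: the test is on the buffer address, which is never
   NULL, so a failed fgets goes unnoticed. */
char *read_pw_unchecked(FILE *in)
{
    char *buf = pwbuf;
    fgets(buf, PWD_BUFFER_SIZE - 1, in);   /* return value dropped */
    if (buf != NULL)
        buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

/* Checked form: test what fgets returned and wipe the buffer on failure. */
char *read_pw_checked(FILE *in)
{
    if (fgets(pwbuf, sizeof pwbuf, in) == NULL) {
        memset(pwbuf, 0, sizeof pwbuf);
        return NULL;
    }
    pwbuf[strcspn(pwbuf, "\n")] = '\0';
    return pwbuf;
}

/* Constructed scenario: one password line, then a second read at EOF.
   Returns 1 if that read hands back the first password, 0 if not, -1 on setup failure. */
int stale_after_eof(char *(*reader)(FILE *))
{
    FILE *in = tmpfile();
    if (in == NULL) return -1;
    fputs("hunter2\n", in);          /* constructed sample input */
    rewind(in);
    reader(in);                      /* first call reads "hunter2" */
    char *pw = reader(in);           /* second call hits end-of-file */
    int stale = (pw != NULL && strcmp(pw, "hunter2") == 0);
    fclose(in);
    return stale;
}

int main(void)
{
    printf("unchecked: stale=%d\n", stale_after_eof(read_pw_unchecked));
    printf("checked:   stale=%d\n", stale_after_eof(read_pw_checked));
    return 0;
}
```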
