getpass fgets check

Carmelo AMOROSO carmelo.amoroso at st.com
Tue Dec 20 09:08:33 UTC 2011


On 20/12/2011 8.43, Daniel Wainwright wrote:
> Hi,
> 
> I believe there is a simple error in getpass.c, line 80:
> 
> 
> 
>   static char buf[PWD_BUFFER_SIZE];
> 
>   ...
> 
>   /* Read the password.  */
>   fgets (buf, PWD_BUFFER_SIZE-1, in);
>   if (buf != NULL)
> 
>   ...
> 
> 
> 
> So the result of fgets is not being checked here, which results in reading the
> buffer uninitialised below.
> 

Could you post a well-formed git patch?

thanks,
Carmelo
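
The check discussed in this thread, as an added example that is not part of the original messages or of uClibc's source: it places the quoted pattern beside a form that tests the `fgets` return value, and shows that on end-of-file the unchecked form hands back whatever the static buffer held before. The `PWD_BUFFER_SIZE` value, the helper names (`read_unchecked`, `read_checked`, `stream_with`, `second_read`) and the input strings are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define PWD_BUFFER_SIZE 256 /* assumed; the quoted snippet does not show it */

/* Quoted pattern: fgets() result dropped, array address tested instead. */
static int read_unchecked(FILE *in, char *buf)
{
    char *ignored = fgets(buf, PWD_BUFFER_SIZE - 1, in);
    (void)ignored;
    return buf != NULL; /* always true */
}

/* Checked form: NULL on EOF or error, otherwise buf with the newline cut. */
static char *read_checked(FILE *in, char *buf)
{
    if (fgets(buf, PWD_BUFFER_SIZE, in) == NULL) {
        buf[0] = '\0'; /* leave no earlier entry behind */
        return NULL;
    }
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

/* Constructed input: a temporary file standing in for the terminal. */
static FILE *stream_with(const char *data)
{
    FILE *f = tmpfile();
    if (f != NULL) { fputs(data, f); rewind(f); }
    return f;
}

/* Reads `first`, then an empty stream, into one static buffer; returns what
 * a caller would treat as the second password ("" if tmpfile() failed). */
const char *second_read(const char *first, int checked)
{
    static char buf[PWD_BUFFER_SIZE];
    FILE *a = stream_with(first), *b = stream_with("");
    const char *result = "";
    if (a != NULL && b != NULL) {
        if (checked) { read_checked(a, buf); result = read_checked(b, buf); }
        else { read_unchecked(a, buf); result = read_unchecked(b, buf) ? buf : NULL; }
    }
    if (a != NULL) fclose(a);
    if (b != NULL) fclose(b);
    return result;
}
```

When `fgets` hits end-of-file before reading any character, the C standard leaves the array contents unchanged, which is why the unchecked path returns the earlier entry.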

