getpass fgets check
Carmelo AMOROSO
carmelo.amoroso at st.com
Tue Dec 20 09:08:33 UTC 2011
On 20/12/2011 8.43, Daniel Wainwright wrote:
> Hi,
>
> I believe there is a simple error in getpass.c, line 80:
>
>
>
> static char buf[PWD_BUFFER_SIZE];
>
> ...
>
> /* Read the password. */
> fgets (buf, PWD_BUFFER_SIZE-1, in);
> if (buf != NULL)
>
> ...
>
>
>
> So the result of fgets is not being checked here, results in reading the
> buffer uninitialised below.
>
Could you post a well formed git patch ?
thanks,
Carmelo
More information about the uClibc
mailing list