On Tue, Dec 20, 2011 at 8:43 AM, Daniel Wainwright
<[email protected]> wrote:
> Hi,
>
> I believe there is a simple error in getpass.c, line 80:
>
> static char buf[PWD_BUFFER_SIZE];
>
> ...
>
> /* Read the password. */
> fgets (buf, PWD_BUFFER_SIZE-1, in);
> if (buf != NULL)
>
> ...
>
>
>
> So the result of fgets is not being checked here, results in reading the
> buffer uninitialised below.
And also this gem:
nread = strlen(buf);
if (nread < 0)
buf[0] = '\0';
strlen < 0?! :D
--
vda
_______________________________________________
uClibc mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/uclibc
