On Thu, Jun 14, 2001 at 01:50:56AM +0400, Daniel Ginsburg <[EMAIL PROTECTED]> wrote: > On Wed, Jun 13, 2001 at 11:34:28PM +0200, Tim van Erven wrote: > > [snip] > > > > > Possible access to unallocated memory if "\0\n" supplied as input. > > > > > > > > Only if strlen(name) = 0 and besides from being hard to achieve when > > > > entering data on stdin, fgets will return 0 if that happens. > > > > > > But not if you feed it a file. > > > > I don't see how that could be done if this is used as a login > > replacement. Still, it would be caught by fgets, so it's a non-issue. > > > > [EMAIL PROTECTED] > It _won't_ be caught by fgets. See my other post. > Please refer to manpages and the Standard to see what does fgets return and > under what circumstances.
You're correct, I was wrong. Thanks for repeating your point until it finally got through. -- Tim van Erven [EMAIL PROTECTED] [EMAIL PROTECTED]