On Mon, Jan 20, 2003 at 12:18:51PM +0100, Miguel Mendez wrote: > Hello hackers, > > Currently, when one wants the user to enter data in a libdialog based > program, one uses the following function: > > int > dialog_inputbox(unsigned char *title, unsigned char *prompt, > int height, int width, unsigned char *result); > > The problem this routine has, is that there's nowhere to specify the max > length of the input buffer (think gets vs fgets here). I know that not > many programs use this lib, or even if there are plans to EOL it, but > this change could be helpful IMHO. My suggestion is to create a new > function, e.g, dialog_inputbox_n that would let you specify the length > of the input buffer. Comments? Ideas? If people find it useful I can > come with patches, since the implementation would be trivial.
libdialog is rife with overflowable buffers..I'm not sure it would be safe even with this input method. Kris
msg39328/pgp00000.pgp
Description: PGP signature
