From 3ec8b3aeb88cef8574a7b0f677ebc1801f03821d Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Tue, 14 Mar 2017 15:13:16 -0400 Subject: [PATCH] fix one-byte overflow in legacy getpass function if the length of the input was equal to the buffer size (128), a fixed value of zero was written one byte past the end of the static buffer. --- src/legacy/getpass.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/legacy/getpass.c b/src/legacy/getpass.c index 15ab9851..d51286c0 100644 --- a/src/legacy/getpass.c +++ b/src/legacy/getpass.c @@ -27,7 +27,7 @@ char *getpass(const char *prompt) l = read(fd, password, sizeof password); if (l >= 0) { - if (l > 0 && password[l-1] == '\n') l--; + if (l > 0 && password[l-1] == '\n' || l==sizeof password) l--; password[l] = 0; } -- 2.25.1