Re: amiga-fdisk 0.4 and debian/potato boot floppies.
> But the changelog of amiga-fdisk says that it got to use libreadline
> instead of gets because gets is buggy, or poses a security hazard, or
> whatever.
Yes, gets() is dangerous because it doesn't check the bounds of the
input buffer. One should use fgets() instead, e.g.:
+#ifdef DONT_USE_READLINE
+char *readline (const char *prompt)
+{
+ char buffer[1024];
+ char *s;
+ int size;
+ printf ("%s",prompt);
+ fflush (stdout);
+ fgets (buffer, sizeof(buffer), stdin);
+ size = strlen (buffer);
+ s = malloc ((size+1)*sizeof(char));
+ s = strcpy (s, buffer);
+ fflush (stdin);
+ return s;
+}
+#endif
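Review bot: the return value of `fgets (buffer, sizeof(buffer), stdin);` is not checked, so on EOF or a read error `strlen (buffer)` runs over an uninitialized stack buffer; test for NULL there and return NULL, which is also what readline() returns at EOF. The `malloc` result is likewise passed to `strcpy` without a NULL check. `fflush (stdin);` is undefined behaviour in ISO C for input streams and should be dropped. Two behavioural differences from GNU readline() are worth a comment in the code: fgets() keeps the trailing newline, which readline() strips, and a line longer than 1023 characters is split across successive calls rather than returned whole.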
This is sufficiently safe.
> So I guess best would be to have two binary packages from amiga
> fdisk, one called amiga-fdisk is to be used by everyone, the other,
> called amiga-fdisk-boot-floppies, or something such is to be used by
> the boot floppies folk.
Makes sense.
Roman