Re: Security in a shell that starts ssh
On Wed, Jun 13, 2001 at 11:34:28PM +0200, Tim van Erven wrote:
[snip]
> > > > Possible access to unallocated memory if "\0\n" supplied as input.
> > >
> > > Only if strlen(name) = 0 and besides from being hard to achieve when
> > > entering data on stdin, fgets will return 0 if that happens.
> >
> > But not if you feed it a file.
>
> I don't see how that could be done if this is used as a login
> replacement. Still, it would be caught by fgets, so it's a non-issue.
>
Ctrl-@.
It _won't_ be caught by fgets. See my other post.
Please refer to manpages and the Standard to see what does fgets return and
under what circumstances.
--
dg
Reply to: