Re: Security in a shell that starts ssh
On Thu, Jun 14, 2001 at 01:50:56AM +0400, Daniel Ginsburg <email@example.com> wrote:
> On Wed, Jun 13, 2001 at 11:34:28PM +0200, Tim van Erven wrote:
> > > > > Possible access to unallocated memory if "\0\n" supplied as input.
> > > >
> > > > Only if strlen(name) = 0 and besides from being hard to achieve when
> > > > entering data on stdin, fgets will return 0 if that happens.
> > >
> > > But not if you feed it a file.
> > I don't see how that could be done if this is used as a login
> > replacement. Still, it would be caught by fgets, so it's a non-issue.
> It _won't_ be caught by fgets. See my other post.
> Please refer to manpages and the Standard to see what does fgets return and
> under what circumstances.
You're correct, I was wrong. Thanks for repeating your point until it
finally got through.
Tim van Erven