In https://github.com/blueness/sthttpd/blob/master/extras/htpasswd.c#L100 the use of the `gets` function could pose a security risk as it does not check the size of the buffer that is read in.
This could be mitigated by using `fgets(password, sizeof(password), stdin);`
Since this is inside of the MPE (the operating system?) check I doubt this is a problem on regular systems. I just noticed while reading the code.
Pretty sure this also affects the root code in the thttpd 2.29 stable release.
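An added example, not part of the issue and not sthttpd code: swapping `gets` for `fgets` bounds the write, but `fgets` keeps the trailing newline and leaves the rest of an over-long line in the stream, so both cases need handling before the password is hashed. The helper name `read_line_bounded`, its return codes and the 32-byte buffer are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from sthttpd): read one line into buf without
 * ever writing more than size bytes.
 * Returns 0 on success, -1 on EOF/read error, -2 if the line was too long. */
int read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;

    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {
        /* gets() dropped the newline; fgets() keeps it. Strip it, or the
         * hash would be computed over "password\n". */
        buf[len] = '\0';
        return 0;
    }

    /* No newline stored: the line ended at EOF, fit exactly, or was cut. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 0;

    /* Truncated: drain the remainder so it is not taken as the next answer,
     * and reject rather than silently accept a shortened password. */
    while (c != '\n' && c != EOF)
        c = fgetc(in);
    buf[0] = '\0';
    return -2;
}

int main(void)
{
    char password[32]; /* buffer size is an assumption for this example */

    fputs("Password: ", stdout);
    fflush(stdout);
    if (read_line_bounded(stdin, password, sizeof password) != 0) {
        fputs("rejected: no input or over-long line\n", stderr);
        return 1;
    }
    printf("read %zu characters\n", strlen(password));
    return 0;
}
```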