|
|
Tweaked getpass() function gives an untraceable bug
06-11-2013
char* my_getpass(const char* str) {
struct termios oflags, nflags;
static char passwd[64];
/* disabling echo */
tcgetattr(fileno(stdin), &oflags);
nflags = oflags;
nflags.c_lflag &= ~ECHO;
nflags.c_lflag |= ECHONL;
tcsetattr(fileno(stdin), TCSANOW, &nflags);
printf(str);
fgets(passwd, sizeof(passwd), stdin);
passwd[strlen(passwd) - 1] = '\0';
/* restore terminal */
tcsetattr(fileno(stdin), TCSANOW, &oflags);
return passwd;
}
int main() {
char name[8], *pwd;
printf("Login as: ");
fgets(name, sizeof(name), stdin);
pwd = my_getpass("Password: ");
if (strcmp(pwd, "george"))
fprintf(stderr, "\nPassword incorrect\n");
else {
puts("\nCorrect Password");
FILE* fp = fopen("./passwd.txt", "w");
fprintf(fp, "user: (%s), password: (%s) \n", name, pwd);
fclose(fp);
}
}$ more passwd.txt user: (dude ), password: (george)
user: (dude), password: (george)
06-11-2013
06-12-2013
fgets(passwd, sizeof(passwd), stdin);
passwd[strlen(passwd) - 1] = '\0'; fgets(passwd, sizeof(passwd), stdin);
passwd[strlen(passwd) - 2] = '\0';
printf("Login as: ");
fgets(name, sizeof(name), stdin);
name[strlen(name) - 1] = '\0'; // newly added line for the bug
06-12-2013
|
|