>From cf753e6e1eb74bf2d4d8e3ade21a3264320f2f8b Mon Sep 17 00:00:00 2001 From: Alexander Cherepanov Date: Sat, 18 May 2013 20:35:07 +0400 Subject: [PATCH 1/2] undrop: limit the length of password. (Fixes a crash.) --- src/undrop.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/undrop.c b/src/undrop.c index 2cd1e89..c8feab3 100644 --- a/src/undrop.c +++ b/src/undrop.c @@ -65,7 +65,7 @@ int undrop(int argc, char *argv[]) { } if (strncmp(t_line, "--PASS +", 8) == 0) { - sscanf(t_line, "--PASS %s", password); + sscanf(t_line, "--PASS %12s", password); printf("%s:%s:::%s:\n", username, password, flags); } fflush(stdout); -- 1.7.2.5