git.michaelhowe.org Git - packages/o/openafs.git/commit

author	Benjamin Kaduk <kaduk@mit.edu>
	Mon, 9 Feb 2015 15:38:04 +0000 (10:38 -0500)
committer	Jeffrey Altman <jaltman@your-file-system.com>
	Fri, 12 Jun 2015 13:43:05 +0000 (09:43 -0400)
commit	c6ec6410afdb21cc6f2ecdf0d36559dc8f0fc6cd
tree	aae6db0c2e8309915d7c9b98f891f1c88183df4e	tree \| snapshot
parent	74ffe9bc78a898361bdcb3b97cb512bac338c62a	commit \| diff

Avoid unsafe scanf("%s")

Reading user input into a fixed-length buffer just to check the
first character is silly and an easy buffer overrun. gcc on
Ubuntu 13.03 warns about the unchecked return value for scanf(),
but scanf("%s") is guaranteed to either succeed or get EOF/EINTR/etc..

In any case, we don't need to use scanf() at all, here -- reuse an
idiom from BSD cp(1) and loop around getchar to read the user's
response, eliminating the fixed-length buffer entirely. A separate
initial loop is needed to skip leading whitespace, which is done
implicitly by scanf().

Change-Id: Ic5ed65e80146aa3d08a4b03c213f748ef088156b
Reviewed-on: http://gerrit.openafs.org/11758
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>