fix one-byte overflow in legacy getpass function

if the length of the input was equal to the buffer size (128), a fixed
value of zero was written one byte past the end of the static buffer.

diff --git a/src/legacy/getpass.c b/src/legacy/getpass.c
index 15ab985..d51286c 100644 (file)
--- a/src/legacy/getpass.c
+++ b/src/legacy/getpass.c
@@ -27,7 +27,7 @@ char *getpass(const char *prompt)
 
        l = read(fd, password, sizeof password);
        if (l >= 0) {
-               if (l > 0 && password[l-1] == '\n') l--;
+               if (l > 0 && password[l-1] == '\n' || l==sizeof password) l--;
                password[l] = 0;
        }