Description
A get-password program. The security flaw is the gets() call on line 25. gets() performs no bounds checking, so if the entry contains more than 11 characters (remember the terminating null character), the call writes past the end of the buffer, causing a buffer overflow.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 33, Figure 2-9
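A bounded replacement for the gets() call described above, as an added example (not the test case's code and not from the book). The 12-byte buffer is an assumption inferred from the 11-character limit, and `read_password` and `try_input` are hypothetical names; the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define PW_SIZE 12  /* assumed: 11 characters + terminating null */

/* Replaces the unbounded gets(buf): reads one line from `in` into buf[size].
 * Returns 0 on success, -1 on EOF/error or when the line does not fit.
 * An over-long line is drained so its tail is not read as the next entry. */
int read_password(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* complete line: strip the newline */
        return 0;
    }
    /* Buffer filled (or input ended) before a newline was seen. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 0;                       /* entry was exactly at the limit */
    while (c != EOF && c != '\n')       /* too long: discard the rest */
        c = fgetc(in);
    buf[0] = '\0';                      /* do not keep a truncated password */
    return -1;
}

/* Hypothetical helper: feeds constructed input through a temporary file. */
int try_input(const char *text, char *out)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    fputs(text, f);
    rewind(f);
    int rc = read_password(f, out, PW_SIZE);
    fclose(f);
    return rc;
}

int main(void)
{
    char pw[PW_SIZE];
    printf("11 chars: %d\n", try_input("12345678901\n", pw));
    printf("24 chars: %d\n", try_input("AAAAAAAAAAAAAAAAAAAAAAAA\n", pw));
    return 0;
}
```

Rejecting and draining the over-long entry, rather than silently truncating it, keeps the leftover bytes from being consumed as the next prompt's input.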
Flaws