
Re: amiga-fdisk 0.4 and debian/potato boot floppies.



> But the changelog of amiga-fdisk says that it got to use libreadline
> instead of gets because gets is buggy, or poses a security hazard, or
> whatever.

Yes, gets() is dangerous because it doesn't check the bounds of the
input buffer. One should use fgets() instead, e.g.:

+#ifdef DONT_USE_READLINE
+char *readline (const char *prompt)
+{
+       char buffer[1024];
+       char *s;
+       int size;
+       printf ("%s",prompt);
+       fflush (stdout);
+       fgets (buffer, sizeof(buffer), stdin);
+       size = strlen (buffer);
+       s = malloc ((size+1)*sizeof(char));
+       s = strcpy (s, buffer);
+       fflush (stdin);
+       return s;
+}
+#endif
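
Review bot: the return value of `fgets (buffer, sizeof(buffer), stdin);` is not checked, so on EOF or a read error `buffer` is left uninitialised and the following `strlen (buffer)` reads indeterminate stack data. Return NULL in that case, which is also what libreadline's readline() does at end of input. The `malloc` result is passed to `strcpy` without a NULL check. `fflush (stdin)` is undefined behaviour in ISO C and should be dropped. Two behavioural differences from libreadline are worth a comment: the returned string keeps its trailing newline, and an input line longer than 1023 characters is split, with the remainder returned by the next call.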

This is sufficiently safe.

> So I guess best would be to have two binary packages from amiga
> fdisk, one called amiga-fdisk is to be used by everyone, the other,
> called amiga-fdisk-boot-floppies, or something such is to be used by
> the boot floppies folk.

Makes sense.

Roman

