Can't find the vulnerability in this C program

c security

Solution 1:

email is declared with char email[USR_LEN]; and USR_LEN is 16, but it is read with fscanf(stdin, "%31s", email);.

Also, the results of fscanf are not tested. The user can use Control-D (on Unix) to cause no input, leaving the buffers uninitialized, and then strcmp can overrun a buffer.

Related

Brew Problems on Mac
Is it possible to get rid of the delay between right-clicking and seeing the context menu?
Why does F3 not work as Find Next in Chrome?
Create custom Terminal shortcuts
get name of file from file path using AppleScript
Mount Android Phone on Desktop
ruby version on macOS Sierra
Wipe all WiFi settings from MacBook
How to run chromium-browser from the command line?
Manually add shared Windows printer in macOS
Shortcut to insert / paste email address?
How to use rsync via ssh with IPv6 LLA (link local address) addresses on OSX?