On 8/11/2021 1:31 PM, Mimi Zohar wrote:

On Wed, 2021-08-11 at 13:51 -0300, Bruno Meneguele wrote:

quoted

On Wed, Aug 11, 2021 at 10:52:00AM -0400, Mimi Zohar wrote:

quoted

quoted

-	return pwd;
+	return password;

Wouldn't a simpler fix be to test "pwd" here?
         if (!pwd)
                 free(password);
         return pwd;

The problem is on success, when 'pwd' is actually not NULL.
With that, I can't free(password). I would need to asprintf(pwd, ...) or
strndup(password). Because of that, I thought it would be cleaner to
remove 'password' completely.

I see.  So instead of "return pwd" as suggested above,

         if (!pwd) {
                 free(password);
                 password = NULL;  <== set or return NULL
         }

         return password;

That looks cleaner to me.

My style would be

	if (pwd == NULL)

which compiles to the same binary, but it less prone to error.

In addition, since this is reading from stdin

1 - Do you want the newline to be part of the password?
2 = Why is an empty password an error?