[Solved] Is it possible to crack the password in this c program?

Question

OP has done a significant edit a 2nd time – better to start a new question. @J.Selva, do not change the question again.

In this version, the below code does not check the return value of fgets() (which is an exploit opening) and yet uses password. This creates a problem that may be used to crack. Say a previous run of code with the correct password occurred. Now with this run, the nefarious user causes an IO error which fgets() returns NULL. The contents of passwd are indeterminate and could be the value of a previous fgets() call. The memset() does not help here as that clears passwd and not the internal buffers used by fgets() to assign password.

memset(passwd,0,sizeof(passwd));
fgets(password, sizeof password, stdin);
strcpy(passwd, password);

Proper code would use

// memset not needed
// memset(passwd,0,sizeof(passwd));

if (fgets(password, sizeof password, stdin) == NULL) {
  Handle_EOForInputError();
  return -1;
}
strcpy(passwd, password);

Accepted Answer

OP has done a significant edit a 2nd time – better to start a new question. @J.Selva, do not change the question again.

In this version, the below code does not check the return value of fgets() (which is an exploit opening) and yet uses password. This creates a problem that may be used to crack. Say a previous run of code with the correct password occurred. Now with this run, the nefarious user causes an IO error which fgets() returns NULL. The contents of passwd are indeterminate and could be the value of a previous fgets() call. The memset() does not help here as that clears passwd and not the internal buffers used by fgets() to assign password.

memset(passwd,0,sizeof(passwd));
fgets(password, sizeof password, stdin);
strcpy(passwd, password);

Proper code would use

// memset not needed
// memset(passwd,0,sizeof(passwd));

if (fgets(password, sizeof password, stdin) == NULL) {
  Handle_EOForInputError();
  return -1;
}
strcpy(passwd, password);