sthttpd
Potential buffer overflow in htpasswd.c
In https://github.com/blueness/sthttpd/blob/master/extras/htpasswd.c#L100 the use of the gets
function could pose a security risk as it does not check the size of the buffer that is read in.
This could be mitigated by using fgets(password, sizeof(password), stdin);
Since this is inside of the MPE (the operating system?) check, I doubt this is a problem on regular systems. I just noticed while reading the code.
Pretty sure this also affects the root code in the thttpd 2.29 stable release.
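An added example, not part of the original issue and not sthttpd or thttpd code: a bounded replacement for the `gets` call built on the suggested `fgets`, which also handles the two behaviours that differ from `gets` (the trailing newline is kept, and an overlong line leaves its tail in the stream). The helper name `read_line_bounded`, the 16-byte buffer and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not sthttpd code: read one line into buf, never
 * writing more than size bytes. Returns 0 on success, 1 if the line was
 * too long (excess discarded), -1 on EOF or error before any data. */
int read_line_bounded(FILE *in, char *buf, size_t size)
{
    size_t len;
    int c;

    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';  /* gets() dropped the newline, fgets() keeps it */
        return 0;
    }
    if (len < size - 1)
        return 0;             /* final line without a trailing newline */

    /* Buffer is full: the line either fit exactly or is overlong. */
    c = fgetc(in);
    if (c == EOF || c == '\n')
        return 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                     /* drain so the tail is not read as the next answer */
    return 1;
}

int main(void)
{
    char password[16];        /* constructed size, not the one in htpasswd.c */
    FILE *in = tmpfile();     /* constructed input standing in for stdin */
    int rc;

    if (in == NULL)
        return 1;
    fputs("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nhunter2\n", in);
    rewind(in);
    rc = read_line_bounded(in, password, sizeof(password));
    printf("rc=%d kept=\"%s\"\n", rc, password);
    rc = read_line_bounded(in, password, sizeof(password));
    printf("rc=%d kept=\"%s\"\n", rc, password);
    fclose(in);
    return 0;
}
```

A caller that treats return value 1 as an error can reject an overlong password instead of silently hashing a truncated one.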