The vulnerability of the gets() function comes from the fact that it is never told the size of the input array.
The function simply writes the characters it reads into the array and does not check whether the size of the target array is exceeded.
#include <stdio.h>
/*
 * Deliberately vulnerable demonstration of the unbounded read done by gets().
 * Reads a password from standard input into a 6-byte stack buffer and calls
 * secretFunction() when the first 5 bytes equal "pass1"; otherwise prints
 * "Wrong Password!". argc and argv are not used. Always returns 0.
 */
int main(int argc, char *argv[])
{
// Authorization flag: stays 0 unless the comparison below succeeds.
// NOTE(review): this is a local in the same frame as password[], so a write
// past the end of password[] may corrupt it, depending on how the compiler
// lays out the stack; after an overflow its value cannot be trusted.
int passOK = 0;
// Room for 5 characters plus the terminating '\0'.
char password[6];
printf("Enter password: ");
// gets() is given no buffer size, so any input longer than 5 characters is
// written past the end of password[] (undefined behavior). gets() was removed
// from the language in C11; the bounded replacement is
// fgets(password, sizeof password, stdin), which stores the trailing newline
// when it fits and therefore needs it stripped before comparing.
gets(password);
// Compares only the first 5 bytes with the valid password, so any input that
// begins with "pass1" is accepted.
// NOTE(review): strncmp() is declared in <string.h>, which this listing does
// not include.
if (strncmp("pass1", password, 5) == 0)
passOK = 1;
// Any non-zero value of passOK grants access, not only the 1 assigned above.
// NOTE(review): secretFunction() is neither declared nor defined in this listing.
if (passOK)
secretFunction();
else
printf("Wrong Password!\n");
return 0;
}