Date: Tue, 20 Feb 2001 11:47:51 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Arthur Boynagryan <boynagar@armentel.com> Cc: freebsd-questions@freebsd.org Subject: Re: Alternative to gets() function? Message-ID: <20010220114751.A35631@mollari.cthul.hu> In-Reply-To: <000401c09a62$1f1caf60$4a07a8c0@user0000011909>; from boynagar@armentel.com on Mon, Feb 19, 2001 at 02:52:57PM %2B0400 References: <000401c09a62$1f1caf60$4a07a8c0@user0000011909>
next in thread | previous in thread | raw e-mail | index | archive | help
--gBBFr7Ir9EOA20Yy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 19, 2001 at 02:52:57PM +0400, Arthur Boynagryan wrote: > Hi all! >=20 > I've been reading man page for gets() and fgets() and noticed=20 > the following: >=20 > "Since it is usually impossible to ensure that the next input line is less > than some arbitrary length, and because overflowing the input buffer is > almost invariably a security violation, programs should NEVER use gets()." >=20 > What can you recommend instead of gets()? Does this also apply to=20 > fgets()? I'm mostly interested in fgets(). fgets() takes a length parameter so it knows how long the buffer is and will not overflow it. Use fgets(). Kris --gBBFr7Ir9EOA20Yy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6ksnmWry0BWjoQKURAmKOAKCZgvt+luH8BG6uOuVrYw6wUDqSVQCg8dqn SR/yFHeyuMmp+GhYDwpPBRw= =P0vX -----END PGP SIGNATURE----- --gBBFr7Ir9EOA20Yy-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010220114751.A35631>