Date: Tue, 20 Feb 2001 17:34:55 -0600
From: Lucas Bergman <lucas@slb.to>
To: Arthur Boynagryan <boynagar@armentel.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: OT: Alternative to gets() function?
Message-ID: <20010220173455.A3510@billygoat.slb.to>
In-Reply-To: <000001c09b01$b1865fa0$4a07a8c0@user0000011909>; from boynagar@armentel.com on Tue, Feb 20, 2001 at 09:55:12AM +0400
References: <000001c09b01$b1865fa0$4a07a8c0@user0000011909>
Hi --
> I've been reading man page for gets() and fgets() and noticed the
> following:
>
> "Since it is usually impossible to ensure that the next input line
> is less than some arbitrary length, and because overflowing the
> input buffer is almost invariably a security violation, programs
> should NEVER use gets()."
>
> What can you recommend instead of gets()? Does this also apply to
> fgets()? I'm mostly interested in fgets().
fgets() is safe, provided you're careful about its second parameter.
Observe that the following programs are equivalent except that the
first has undefined behavior (read: seg fault) if given a line of >99
characters on standard input. In the second program, a line of >99
characters is truncated past the 99th character:
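
#include <stdio.h>
/* Unsafe: gets() has no length limit, so a line of >99 characters overflows s. */
int main(void) { char s[100]; gets(s); return 0; }

#include <stdio.h>
/* Safe: fgets() stores at most sizeof s - 1 = 99 characters plus the NUL. */
int main(void) { char s[100]; fgets(s, sizeof s, stdin); return 0; }
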
Lucas
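
Added example, not part of the original message: a wrapper around fgets() that strips the newline, reports when a line had to be cut, and discards the excess so the next read starts on a fresh line. The names read_line, sample_stream and line_status are hypothetical, and the input is constructed for the example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_ERROR = -2, LINE_EOF = -1, LINE_OK = 0, LINE_TRUNCATED = 1 };

/* read_line() is a hypothetical helper, not code from the original mail.
 * It reads one line into buf[size], strips the newline, and reports whether
 * the line was cut, discarding the excess up to the next newline. */
enum line_status read_line(FILE *fp, char *buf, size_t size)
{
    if (fp == NULL || buf == NULL || size < 2 || size > INT_MAX)
        return LINE_ERROR;
    if (fgets(buf, (int)size, fp) == NULL)  /* stores at most size-1 chars + NUL */
        return LINE_EOF;                    /* end of input or read error */

    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {                 /* the whole line fit */
        buf[len] = '\0';
        return LINE_OK;
    }
    if (len < size - 1)                     /* final line without a newline */
        return LINE_OK;

    /* Buffer is full and no newline was stored: drain the rest of the line. */
    int c, discarded = 0;
    while ((c = getc(fp)) != EOF && c != '\n')
        discarded = 1;
    return discarded ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input, written to a temporary file so this runs offline. */
FILE *sample_stream(void)
{
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fputs("short\nexactly\nthis line is too long\ntail", fp);
        rewind(fp);
    }
    return fp;
}

int main(void)
{
    char buf[8];
    FILE *fp = sample_stream();
    enum line_status st;
    if (fp == NULL) return 1;
    while ((st = read_line(fp, buf, sizeof buf)) >= LINE_OK)
        printf("%-9s \"%s\"\n", st == LINE_TRUNCATED ? "truncated" : "ok", buf);
    fclose(fp);
    return 0;
}
```

A line of exactly size-1 characters fills the buffer without being cut, which is why the helper checks whether anything was actually discarded before reporting truncation.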
