Date: Mon, 2 Oct 1995 11:46:50 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: olsenc@ichips.intel.com
Cc: questions@freebsd.org
Subject: Re: If not gets(), then what?
Message-ID: <199510021846.LAA22182@phaeton.artisoft.com>
In-Reply-To: <9510021814.AA35311@dtt034.intel.com> from "olsenc@ichips.intel.com" at Oct 2, 95 11:14:13 am

> I have a program that uses gets(), and FreeBSD complains about it.
> I read the manpage on gets(), and it says it's dangerous, but yet
> it doesn't mention any alternatives!
>
> Suggestions, recommendations, testimonials, confessions?

Use fgets( buf, XXX, stdin) in place of gets( buf). Replace XXX with
the size of buf.

The "danger" is in the use of extremely long input lines to overflow
the buffer and rewrite the stack. You remember the internet worm?
This was the fingerd attack.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
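
Added example, not part of the original message: the fgets() replacement suggested above, wrapped so that it also handles the two things gets() callers usually trip over after switching (fgets() keeps the newline, and an overlong line leaves its tail in the stream). The name read_line() and its return codes are assumptions made for this sketch.

```c
/* Added example: bounded line input with fgets() instead of gets().
 * read_line() and the LINE_* codes are hypothetical names for this sketch. */
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_EOF = -1, LINE_TOO_LONG = -2 };

/* Read one line from fp into buf, whose capacity is size (pass sizeof buf).
 * The trailing newline is stripped. If the line does not fit, the stored
 * prefix is kept, the rest of the line is discarded so the next call
 * starts on a fresh line, and LINE_TOO_LONG is returned. */
int read_line(char *buf, size_t size, FILE *fp)
{
    size_t len;
    int c;

    /* Unusable buffer, end of input, or read error. */
    if (size < 2 || fgets(buf, (int)size, fp) == NULL)
        return LINE_EOF;

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* complete line: drop the newline */
        return LINE_OK;
    }

    /* No newline stored. Peek at what follows: EOF means a final line
     * without a newline, '\n' means the text filled the buffer exactly. */
    c = getc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;

    /* Truncated: discard the remainder up to and including the newline. */
    while (c != '\n' && c != EOF)
        c = getc(fp);
    return LINE_TOO_LONG;
}

int main(void)
{
    char buf[16];                     /* deliberately small for the demo */
    int rc;

    while ((rc = read_line(buf, sizeof buf, stdin)) != LINE_EOF)
        printf("%s: \"%s\"\n", rc == LINE_OK ? "ok" : "too long", buf);
    return 0;
}
```

However long the input line is, at most size - 1 characters plus the terminating NUL are ever written to buf, so the stack around it is not touched.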