Date: Tue, 20 Feb 2001 17:34:55 -0600
From: Lucas Bergman <lucas@slb.to>
To: Arthur Boynagryan <boynagar@armentel.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: OT: Alternative to gets() function?
Message-ID: <20010220173455.A3510@billygoat.slb.to>
In-Reply-To: <000001c09b01$b1865fa0$4a07a8c0@user0000011909>; from boynagar@armentel.com on Tue, Feb 20, 2001 at 09:55:12AM +0400
References: <000001c09b01$b1865fa0$4a07a8c0@user0000011909>

Hi --

> I've been reading man page for gets() and fgets() and noticed the
> following:
>
> "Since it is usually impossible to ensure that the next input line
> is less than some arbitrary length, and because overflowing the
> input buffer is almost invariably a security violation, programs
> should NEVER use gets()."
>
> What can you recommend instead of gets()?  Does this also apply to
> fgets()?  I'm mostly interested in fgets().

fgets() is safe, provided you're careful about its second parameter.
Observe that the following programs are equivalent except that the
first has undefined behavior (read: seg fault) if given a line of >99
characters on standard input.  In the second program, a line of >99
characters is truncated past the 99th character:

    #include <stdio.h>
    int main()
    {
        char s[100];
        gets(s);
        return 0;
    }

    #include <stdio.h>
    int main()
    {
        char s[100];
        fgets(s,99,stdin);
        return 0;
    }

Lucas

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
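
An added example, not part of the original e-mail: a line reader built on fgets() that passes the full buffer size, strips the newline, reports when a line was cut short, and discards the rest of an overlong line so it is not returned as the next "line". The name read_line and the LINE_* status codes are hypothetical, chosen for this sketch.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1, LINE_BADARG = -2 };

/*
 * Read one line from fp into buf, which holds `size` bytes including the
 * terminating '\0'. The newline is stripped. If the line does not fit, the
 * first size-1 characters are kept and the rest of that line is discarded,
 * so the next call starts on the next line. Assumes text without NUL bytes.
 */
int read_line(FILE *fp, char *buf, size_t size)
{
    size_t len;
    int c;

    if (fp == NULL || buf == NULL || size < 2 || size > INT_MAX)
        return LINE_BADARG;
    if (fgets(buf, (int)size, fp) == NULL)
        return LINE_EOF;                /* end of input or read error */

    len = strcspn(buf, "\n");
    if (buf[len] == '\n') {             /* the whole line fit */
        buf[len] = '\0';
        return LINE_OK;
    }
    if (len < size - 1)                 /* last line had no newline */
        return LINE_OK;

    /* Buffer is full: the line is exactly size-1 long, or longer. */
    c = getc(fp);
    if (c == '\n' || c == EOF)
        return LINE_OK;
    while ((c = getc(fp)) != '\n' && c != EOF)
        ;                               /* drop the excess */
    return LINE_TRUNCATED;
}

int main(void)
{
    char s[100];    /* same buffer size as the programs in the message */
    int r;

    while ((r = read_line(stdin, s, sizeof s)) != LINE_EOF)
        printf("%s%s\n", s, r == LINE_TRUNCATED ? " [truncated]" : "");
    return 0;
}
```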