*BSD News Article 18566



Path: sserve!newshost.anu.edu.au!munnari.oz.au!spool.mu.edu!howland.reston.ans.net!usc!nic.csu.net!130.150.102.20!oleg
Newsgroups: comp.os.386bsd.questions
Subject: Re: Using gets() [ Was Re: nn ]
Message-ID: <OLEG.93Jul17185604@gd.cs.CSUFresno.EDU>
From: oleg@gd.cs.CSUFresno.EDU (Oleg Kibirev)
Date: 17 Jul 93 18:56:04
References: <226q88INN56k@xs4all.hacktic.nl> 
 <227e9e$2hj@pdq.coe.montana.edu><1993Jul17.203914.25267@fwi.uva.nl> <229qig$53k@pdq.coe.montana.edu>
Organization: Computer Science Departement of California State University inFresno
Nntp-Posting-Host: gd.cs.csufresno.edu
In-reply-to: nate@bsd.coe.montana.edu's message of 17 Jul 1993 21:22:24 GMT
Lines: 46

In article <229qig$53k@pdq.coe.montana.edu> nate@bsd.coe.montana.edu (Nate Williams) writes:

   In article <1993Jul17.203914.25267@fwi.uva.nl> bosman@fwi.uva.nl (Cor Bosman) writes:
   >>gets() does not check to make sure that you can put all of the line into
   >>the buffer you send it.
   >
   >Well, somehow it still doesn't feel right. I *know* gets() is unsafe.

   Then don't use it.

   >I don't know why nn uses it so much, but the fact is..they do.

   Because it was easy to do.

   >And I'm sure nn isn't the only one. Do I have to change a zillion gets()
   >throughout the whole nn package cause the coder of the gets() function
   >in the 386bsd library decided to let us all know its unsafe?

   It has nothing to do with the 'coder of 386bsd gets()', it has to do
   with using gets.

   "GETS() is inherently unsafe since it does not check to see if there is
   enough room in the buffer"  

   >I think we should leave people at least a choice instead of forcing them
   >like this. nn chokes on it. It's not some minor little thing.

   Then fix NN.  NN is broken if it used gets().

Not to start another religious war... There is nothing wrong with using gets
if there is no good reason for input to be longer than some limit. Like, a
response to a yes/no question is very unlikely to be longer than 8 characters.
If a user wants to break the program, he is welcome to do so (unless it's suid
or a daemon). I would just compile nn with my own version of gets:

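#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Drop-in gets(): still places no bound on the length of the input. */
char *gets(buf)
char *buf;
{
	char *nl;

	if (fgets(buf, INT_MAX, stdin) == NULL)
		return NULL;		/* EOF or read error, as gets() reports it */
	if ((nl = strchr(buf, '\n')) != NULL)
		*nl = '\0';		/* strip the newline, if one was read */
	return buf;
}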
--

							Oleg
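
Added example, not part of the original post: a bounded line reader that could stand in for gets() calls. Unlike the fgets(buf, INT_MAX, stdin) wrapper in the post, it takes the buffer size and reports overlong input. The names read_line, demo and the LINE_* codes are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_EOF = 0, LINE_OK = 1, LINE_TOO_LONG = -1 };
/* Read one line into buf (at most size-1 chars) and strip the newline.
 * An overlong line is truncated and its tail discarded, so the next call
 * starts on the next line rather than in the middle of this one. */
int read_line(char *buf, size_t size, FILE *fp)
{
	size_t len;
	int c;
	if (size == 0 || fgets(buf, (int)size, fp) == NULL)
		return LINE_EOF;	/* EOF or read error: buf not usable */
	len = strlen(buf);
	if (len > 0 && buf[len - 1] == '\n') {
		buf[len - 1] = '\0';
		return LINE_OK;
	}
	c = getc(fp);			/* no newline stored: look one ahead */
	if (c == EOF || c == '\n')
		return LINE_OK;		/* last line of input, or an exact fit */
	while (c != EOF && c != '\n')
		c = getc(fp);		/* drain the rest of the long line */
	return LINE_TOO_LONG;
}

/* Constructed input for the demo: write `input` to a temporary file, read
 * two lines of at most size-1 chars, return the status of the first read. */
int demo(const char *input, size_t size, char *first, char *second)
{
	FILE *fp = tmpfile();
	int status;
	if (fp == NULL)
		return LINE_EOF;
	fputs(input, fp);
	rewind(fp);
	status = read_line(first, size, fp);
	if (read_line(second, size, fp) == LINE_EOF)
		second[0] = '\0';
	fclose(fp);
	return status;
}

int main(void)
{
	char a[8] = "", b[8] = "";
	int st = demo("yes, and a great deal more text\nno\n", sizeof a, a, b);
	printf("status=%d first=[%s] second=[%s]\n", st, a, b);
	return 0;
}
```

A caller that gets LINE_TOO_LONG can reject the answer and ask again; the stored prefix never exceeds the buffer.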