Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!spool.mu.edu!howland.reston.ans.net!usc!nic.csu.net!130.150.102.20!oleg Newsgroups: comp.os.386bsd.questions Subject: Re: Using gets() [ Was Re: nn ] Message-ID: <OLEG.93Jul17185604@gd.cs.CSUFresno.EDU> From: oleg@gd.cs.CSUFresno.EDU (Oleg Kibirev) Date: 17 Jul 93 18:56:04 References: <226q88INN56k@xs4all.hacktic.nl> <227e9e$2hj@pdq.coe.montana.edu><1993Jul17.203914.25267@fwi.uva.nl> <229qig$53k@pdq.coe.montana.edu> Organization: Computer Science Departement of California State University inFresno Nntp-Posting-Host: gd.cs.csufresno.edu In-reply-to: nate@bsd.coe.montana.edu's message of 17 Jul 1993 21:22:24 GMT Lines: 46 In article <229qig$53k@pdq.coe.montana.edu> nate@bsd.coe.montana.edu (Nate Williams) writes: In article <1993Jul17.203914.25267@fwi.uva.nl> bosman@fwi.uva.nl (Cor Bosman) writes: >>gets() does not check to make sure that you can put all of the line into >>the buffer you send it. > >Well, somehow it still doesnt feel right. I *know* gets() is unsafe. then don't use it. >I dont know why nn uses it so much, but the fact is..they do. Because it was easy to do. >And im sure nn isnt the only one. Do I have to change a zillion gets() >throughout the whole nn package cause the coder of the gets() function >in the 386bsd library decided to let us all know its unsafe? It has nothing to do with the 'coder of 386bsd gets()', it has to do with using gets. "GETS() is inherently unsafe since it does not check to see if there is enough room in the buffer" >I think we should leave people at least a choice instead of forcing them >like this. nn chokes on it. Its not some minor little thing. Then fix NN. NN is broken if it used gets(). Not to start another religious war... There is nothing wrong with using gets if there is no good reason for input to be longer than some limit. Like, a response to a yes/no question is very unlikely to be longer than 8 characters. If a user wants to break the program, he is welcome to do so (unless it's suid or a daemon). I would just compile nn with my own version of gets: char *gets(buf) char *buf; { fgets(buf, INT_MAX, stdin); *strchr(buf, '\n') = '\0'; return buf; } -- Oleg