*BSD News Article 18620


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!haven.umd.edu!umd5.umd.edu!roissy.umd.edu!mark
From: mark@roissy.umd.edu (Mark Sienkiewicz)
Newsgroups: comp.os.386bsd.questions
Subject: Re: Using gets() [ Was Re: nn ]
Date: 19 Jul 1993 21:25:33 GMT
Organization: University of Maryland
Lines: 25
Message-ID: <22f3gd$foa@umd5.umd.edu>
References: <227e9e$2hj@pdq.coe.montana.edu> <1993Jul17.203914.25267@fwi.uva.nl> <229qig$53k@pdq.coe.montana.edu>
NNTP-Posting-Host: roissy.umd.edu

In article <229qig$53k@pdq.coe.montana.edu> nate@bsd.coe.montana.edu (Nate Williams) writes:
>It has nothing to do with 386BSD.  It has to do with safe/portable
>programming. The author of the BSD library felt it was more important
>for folks to know about the inherent limitations of gets(), so that
>people could fix "BROKEN SOFTWARE"

Ok-- so they're both wrong.  

NN uses a function that lets the user hose it by providing bad input.

"POSIX Programmers Guide" from O'Reilly says that gets() is defined by
ANSI C section 4.9.7.7 and by Posix 8.2.3.5.  Anybody have either of these
handy to see if gets() is allowed to do output? :)

>Heck, this might work.

... broken code deleted ...

>  (I just wrote this
>off the top of my head, and the sizeof and strlen stuff might not work
>at all.

Correct! :)  sizeof(char *) == 4.  Just grab gets() source out of the 
library and remove the offending lines.