*BSD News Article 33006



Xref: sserve comp.os.386bsd.questions:11688 comp.os.386bsd.development:2325 comp.os.386bsd.misc:2736
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!agate!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!yeshua.marcam.com!charnel.ecst.csuchico.edu!olivea!news.hal.COM!darkstar.UCSC.EDU!cats.ucsc.edu!haynes
From: haynes@cats.ucsc.edu (James H. Haynes)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Date: 21 Jul 1994 17:56:06 GMT
Organization: University of California, Santa Cruz
Lines: 18
Message-ID: <30mcrm$67t@darkstar.UCSC.EDU>
References: <30lrf3$2ii@acmez.gatech.edu>
NNTP-Posting-Host: hobbes.ucsc.edu
Keywords: gets,unsafe


In article <30lrf3$2ii@acmez.gatech.edu>,
Matthew W. Culbreth <gt4384a@prism.gatech.edu> wrote:
>I've written a program that uses gets().  When I run it, a message
>comes back saying that 'this program uses gets(), which is unsafe'.  
>
>Why is that?

gets() reads data from a stream into a buffer and has no argument telling
it the size of the buffer.  So the input line can be longer than the buffer
size and it will overflow the buffer and keep reading.  Use fgets().
-- 
haynes@cats.ucsc.edu

"Ya can talk all ya wanna, but it's dif'rent than it was!"
"No it aint!  But ya gotta know the territory!"
        Meredith Willson: "The Music Man"
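
Added example, not part of the original post: a bounded line reader built on fgets(), which the reply recommends, that also detects and discards the tail of an overlong line. The names read_line, stream_from and the LINE_* status values are this example's own, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Status names are this example's own, not from any library. */
enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Read one line into buf (size bytes). fgets() stores at most size-1
 * characters plus a NUL, so it cannot write past buf the way gets() can.
 * An overlong line is cut, its remainder discarded, and LINE_TRUNCATED
 * returned so the caller can reject it. */
enum line_status read_line(FILE *fp, char *buf, int size)
{
    size_t len, dropped = 0;
    int c;

    if (size < 1 || fgets(buf, size, fp) == NULL)
        return LINE_EOF;            /* end of input or read error */
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* whole line fit: strip the newline */
        return LINE_OK;
    }
    /* No newline stored: buffer filled or input ended. Drain to end of line. */
    while ((c = getc(fp)) != EOF && c != '\n')
        dropped++;
    return dropped > 0 ? LINE_TRUNCATED : LINE_OK;
}

/* Helper: temporary stream holding constructed sample input. */
FILE *stream_from(const char *text)
{
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fputs(text, fp);
        rewind(fp);
    }
    return fp;
}

int main(void)
{
    char buf[8];                    /* deliberately small to show truncation */
    enum line_status st;
    FILE *fp = stream_from("short\nthis line is far too long\nend");

    if (fp == NULL)
        return 1;
    while ((st = read_line(fp, buf, (int)sizeof buf)) != LINE_EOF)
        printf("%-9s \"%s\"\n", st == LINE_OK ? "ok" : "too long", buf);
    fclose(fp);
    return 0;
}
```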