*BSD News Article 33298


Return to BSD News archive

Xref: sserve comp.os.386bsd.questions:11817 comp.os.386bsd.development:2342 comp.os.386bsd.misc:2837
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!news.Hawaii.Edu!ames!hookup!swrinde!howland.reston.ans.net!spool.mu.edu!agate!asami
From: asami@cs.berkeley.edu (Satoshi ASAMI)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Date: 21 Jul 94 18:47:11
Organization: CS Div. - EECS, University of California, Berkeley, CA 94720
Lines: 19
Message-ID: <ASAMI.94Jul21184711@forgery.cs.berkeley.edu>
References: <30lrf3$2ii@acmez.gatech.edu> <30mcrm$67t@darkstar.UCSC.EDU>
NNTP-Posting-Host: forgery.cs.berkeley.edu
In-reply-to: haynes@cats.ucsc.edu's message of 21 Jul 1994 09:56:06 PST

In article <30mcrm$67t@darkstar.UCSC.EDU>
        haynes@cats.ucsc.edu (James H. Haynes) writes:

 * gets() reads data from a stream into a buffer and has no argument telling
 * it the size of the buffer.  So the input line can be longer than the buffer
 * size and it will overflow the buffer and keep reading.  

Yes, this was one of the "holes" that the Internet Worm exploited.
gets() really has no business being in the standard library, except it
is too "standard" (is it in POSIX?) that we can't take it out.

 *                                                         Use fgets().

By the way, when you use fgets(), don't forget that the \n will be in
the buffer too!  I recently run into a program which forgot to erase
it and had a hard time tracking the bug down (probably the author just
blindly replaced gets() with fgets()).

Satoshi