*BSD News Article 33533


Return to BSD News archive

Xref: sserve comp.os.386bsd.questions:11938 comp.os.386bsd.development:2356 comp.os.386bsd.misc:2933
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!uwm.edu!news.moneng.mei.com!howland.reston.ans.net!usenet.ins.cwru.edu!lerc.nasa.gov!purdue!mozo.cc.purdue.edu!staff.cc.purdue.edu!bj
From: bj@staff.cc.purdue.edu (Ben Jackson)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Date: 31 Jul 1994 02:23:36 GMT
Organization: Purdue University
Lines: 26
Message-ID: <31f1v8$2lg@mozo.cc.purdue.edu>
References: <30lrf3$2ii@acmez.gatech.edu> <Ctn5yy.3I0@cs.vu.nl> <31cf70$3c@Starbase.NeoSoft.COM> <jmonroyCts1rL.96o@netcom.com>
NNTP-Posting-Host: staff.cc.purdue.edu

Peter da Silva (peter@Starbase.NeoSoft.COM) wrote:
: In article <Ctn5yy.3I0@cs.vu.nl>, Kees J. Bot <kjb@cs.vu.nl> wrote:

: >Any gets(buf) call that I may find is immediately replaced by:

: >	result = fgets(buf, sizeof(buf), stdin);
: >	*strchr(buf, '\n') = 0;

: This can result in writing through the null pointer if reading from a zero
: length file and the buffer is uninitialized <...>

: 	if(result = fgets(buf, sizeof(buf), stdin))
: 		*strchr(buf, '\n') = 0;
:

Test what you MEAN, sheesh!  That will fail if your buffer is too short
to hold the line, or if there is no newline in the input stream.  If
you don't want to write on a null pointer, TEST THE POINTER YOU'RE
WRITING ON.  Duh:

	if (fgets(buf, sizeof(buf), stdin) && result = strchr(buf, '\n'))
		*result = '\0';

It's a good thing you guys don't call fgets() in the kernel.  ;-)
--
Ben Jackson, bj@cc.purdue.edu