*BSD News Article 90556



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mira.net.au!news.vbc.net!vbcnet-west!samba.rahul.net!rahul.net!a2i!news.pbi.net!su-news-hub1.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!howland.erols.net!newsfeed.internetmci.com!avalon.net!avalon.net!not-for-mail
From: amorph@avalon.net (The Amorphous Mass)
Newsgroups: comp.lang.c,comp.unix.bsd.freebsd.misc
Subject: Re: What does gets() unsafe question mean?
Date: 7 Mar 1997 11:59:57 -0600
Organization: When Hell freezes over
Lines: 25
Message-ID: <5fpl2t$8fv@arthur.avalon.net>
References: <01bc2a8f$67037120$db083ccc@default>
NNTP-Posting-Host: arthur.avalon.net
Xref: euryale.cc.adfa.oz.au comp.lang.c:195533 comp.unix.bsd.freebsd.misc:36702

Jeffrey M. Metcalf (metcalf@snet.net) wrote:
>I recently wrote a little C program which uses the stdio.h function gets().
> I compiled and ran it under FreeBSD and I get..
>
>warning: this program uses gets(), which is unsafe.

  Nice.  Good compiler. :-)

>What exactly does this mean?

  The FAQ for comp.lang.c answers this question (it's a nice document to
have around -- http://www.eskimo.com/~scs/C-faq/top.html).  The short
answer:  What do you think will happen with this code fragment if your
user responds to the prompt with "Berkeley Software Distribution, University
of California at Berkeley, Berkeley California 0U812?"

char name[20];  /* enough space for "Berkeley Software D" and a null
                   terminator */
printf("Enter your full name:");
fflush(stdout);
gets(name);

-- 
The Amorphous Mass         If I knew what I was doing,
amorph@avalon.net          it wouldn't be research.
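
Added example, not part of the original post: the same prompt with gets() replaced by a bounded fgets() read, so the long answer quoted above is cut at 19 characters instead of being written past the end of name[20]. read_line is a hypothetical helper name chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the post): read one line into buf without
 * ever storing more than size bytes, terminator included.
 * Returns 0 if the whole line fit, 1 if it was truncated, -1 on EOF/error. */
int read_line(FILE *in, char *buf, size_t size)
{
    size_t len;
    int c;

    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* complete line: drop the newline */
        return 0;
    }

    /* No newline was stored. Either the text filled the buffer exactly,
     * the input ended without a newline, or the line was too long. */
    c = getc(in);
    if (c == EOF || c == '\n')
        return 0;                   /* nothing but the line ending was left */

    /* Too long: discard the rest so the next read starts on a fresh line. */
    while ((c = getc(in)) != '\n' && c != EOF)
        ;
    return 1;
}

int main(void)
{
    char name[20];                  /* same buffer size as in the post */
    int rc;

    printf("Enter your full name:");
    fflush(stdout);
    rc = read_line(stdin, name, sizeof name);
    if (rc < 0)
        return 1;
    printf("Hello, %s%s\n", name, rc ? " (input truncated)" : "");
    return 0;
}
```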