Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 20 Feb 2001 17:34:55 -0600
From:      Lucas Bergman <lucas@slb.to>
To:        Arthur Boynagryan <boynagar@armentel.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: OT: Alternative to gets() function?
Message-ID:  <20010220173455.A3510@billygoat.slb.to>
In-Reply-To: <000001c09b01$b1865fa0$4a07a8c0@user0000011909>; from boynagar@armentel.com on Tue, Feb 20, 2001 at 09:55:12AM +0400
References:  <000001c09b01$b1865fa0$4a07a8c0@user0000011909>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hi --

> I've been reading man page for gets() and fgets() and noticed the
> following:
> 
> "Since it is usually impossible to ensure that the next input line
> is less than some arbitrary length, and because overflowing the
> input buffer is almost invariably a security violation, programs
> should NEVER use gets()."
> 
> What can you recommend instead of gets()? Does this also apply to
> fgets()? I'm mostly interested in fgets().

fgets() is safe, provided you're careful about its second parameter.
Observe that the following programs are equivalent except that the
first has undefined behavior (read: seg fault) if given a line of >99
characters on standard input.  In the second program, a line of >99
characters is truncated past the 99th character:

#include <stdio.h>
int main() { char s[100]; gets(s); return 0; }

#include <stdio.h>
int main() { char s[100]; fgets(s,99,stdin); return 0; }

Lucas

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20010220173455.A3510>