Date:      06 Mar 1997 19:54:17 -0600
From:      Zach Heilig <zach@blizzard.gaffaneys.com>
To:        "Jeffrey M. Metcalf" <metcalf@snet.net>
Cc:        "Jeffrey M Metcalf" <Jeffrey_M._Metcalf@ccmail.bms.com>, "FreeBSD questions" <questions@freebsd.org>
Subject:   Re: What does gets() unsafe question mean?
Message-ID:  <87n2sg1n7a.fsf@murkwood.gaffaneys.com>
In-Reply-To: "Jeffrey M. Metcalf"'s message of Thu, 6 Mar 1997 19:35:07 -0500
References:  <199703070034.TAA12071@daisy.snet.net>

>>>>> "Jeffrey" == Jeffrey M Metcalf <metcalf@snet.net> writes:

> Hello, I recently wrote a little C program which uses the stdio.h
> function gets().  I compiled and ran it under FreeBSD and I get..

> warning: this program uses gets(), which is unsafe.

> What exactly does this mean?  Why is it unsafe?  If possible, can
> any replies be sent as an e-mail to the above address?

Compile this small program:

#include <stdio.h>

int main(void) {
    char buf[1];    /* room for a single byte: not even enough for the NUL of a one-character line */
    puts("Enter lots of text and press enter:");
    gets(buf);      /* deliberately unsafe: gets() takes no length argument, so every
                       byte typed past the first is written beyond the end of buf */
    return 0;
}

Run it, and follow instructions.  This will usually crash an MS-DOS
machine, and it crashed the pty driver on one version of unix I
tried it on (it was a while ago, and I don't remember which machine
it happened on).  I had to telnet in from another box, and kill the
processes attached to that terminal so it would log out and reset.

This sort of programming has been the cause of far too many security
holes in sendmail and many other setuid programs.

-- 
Zach Heilig (zach@blizzard.gaffaneys.com) | ALL unsolicited commercial email
Support bacteria -- it's the only         | is unwelcome.  I avoid dealing
form of culture some people have!         | with companies that email ads.
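The reply above shows why gets() cannot be made safe: it has nowhere to receive the size of the buffer. The following is an added example, not code from the original message, showing the bounded replacement a practitioner would use instead: fgets() with the buffer size, plus the two details people usually get wrong (stripping the newline and draining the rest of an over-long line so the next read does not start in the middle of it). The read_line() and demo() names are this example's own, and the demo input is constructed in memory with fmemopen() so it runs without a terminal.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen(), used only by the demo helper */
#include <stdio.h>
#include <string.h>

/*
 * Bounded replacement for gets(). Reads one line from fp into buf, which
 * has room for n bytes, strips the trailing newline, and reports whether
 * the whole line fit. gets() cannot do this: it has no size argument, so
 * it keeps writing past the end of buf for as long as the input lasts.
 *
 * Returns  1  a complete line is stored in buf
 *          0  the line was longer than n-1 characters; the first n-1 are
 *             stored and the rest of the line is discarded, so the next
 *             call starts on the next line instead of on the leftover
 *         -1  end of input (or a read error) before any character
 */
int read_line(char *buf, size_t n, FILE *fp)
{
    if (n == 0 || fgets(buf, (int)n, fp) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }

    /* No newline in buf: either the line filled the buffer exactly, the
     * line was too long, or the input ended without a final newline. */
    int c = fgetc(fp);
    if (c == EOF || c == '\n')
        return 1;
    while (c != '\n' && c != EOF)   /* drain the excess so it is not misread as the next line */
        c = fgetc(fp);
    return 0;
}

/*
 * Demo helper (constructed input, not part of the original post): feed the
 * string through read_line() with a buffer of n bytes and return the result
 * code for the nth line (1-based), leaving that line in buf.
 */
int demo(const char *input, char *buf, size_t n, int nth)
{
    FILE *fp = fmemopen((void *)input, strlen(input), "r");
    if (fp == NULL)
        return -2;
    int rc = -1;
    for (int i = 0; i < nth; i++) {
        rc = read_line(buf, n, fp);
        if (rc == -1)
            break;
    }
    fclose(fp);
    return rc;
}

int main(void)
{
    char buf[8];    /* deliberately tiny, in the spirit of the buf[1] example above */
    int rc;

    puts("Enter lots of text and press enter:");
    rc = read_line(buf, sizeof buf, stdin);
    if (rc == 1)
        printf("got \"%s\"\n", buf);
    else if (rc == 0)
        printf("line too long; kept \"%s\" and discarded the rest\n", buf);
    else
        puts("no input");
    return 0;
}
```

Typing a long line at the prompt now produces a truncation report instead of a write past the end of the stack buffer. The drain loop matters for anything that reads more than one line: without it, the leftover of an over-long line is handed to the next fgets() call as if the user had typed it.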