Re: puts and gets in gcc compiler
On Wed, 7 Apr 1999, Travis Davies wrote:
> ok, here's a question for all you programmers.
>
> Why are the C functions puts, and gets, so dangerous to use in linux
> programs? Every time I compile it gives me messages saying it is
> dangerous to use. What is it that gets and puts do to the program to
> make it unstable and cause segmentation faults and dump the core?
Here's a quote from "man 3 gets":
    Because it is impossible to tell without knowing the data
    in advance how many characters gets() will read, and
    because gets() will continue to store characters past the
    end of the buffer, it is extremely dangerous to use. It
    has been used to break computer security. Use fgets()
    instead.
That's at the bottom of the man page. I would guess it needs no further
explanation... It also mentions something about not mixing puts/gets with
stdio calls, but it appears that would just be a problem if you're mixing
high and low level calls to write/read stdio, due to problems keeping track
of the file offset for stdout/in's file descriptor. I guess. :)
--Danny
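
Added illustration, not part of the original message: the man page's advice to use fgets() in place of gets(), written as a bounded line reader that also handles the overlong-line case. The helper name read_line and the LINE_* status codes are hypothetical names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Hypothetical helper (not from the thread): read one line into buf,
 * never writing more than size bytes. An overlong line is cut and the
 * rest of it is discarded so the next call starts on a fresh line. */
int read_line(FILE *in, char *buf, size_t size)
{
    /* fgets() is told the buffer size; gets() has no such parameter. */
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* whole line fit: drop the newline */
        return LINE_OK;
    }

    /* No newline in buf: either the input ended, or the buffer filled
     * up first. This is the point where gets() would have kept storing
     * characters past the end of buf. Drain the remainder instead. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    char name[8];                   /* deliberately small buffer */
    int rc;

    while ((rc = read_line(stdin, name, sizeof name)) != LINE_EOF)
        printf("%s%s\n", name, rc == LINE_TRUNCATED ? " [truncated]" : "");
    return 0;
}
```

Reporting truncation to the caller matters as much as the bound itself: silently accepting a cut-off line can turn one long input into a different, shorter value than the user supplied.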