retiring gets(3)

News system news at ism780c.isc.com
Thu Nov 17 07:34:45 AEST 1988


In article <682 at quintus.UUCP> ok at quintus.UUCP (Richard A. O'Keefe) writes:
>
>There is a false assumption in this, namely that an attacker can control
>the input to every program.  If I have a program which _only_ I have
>permission to execute, and I _always_ use it in a pipeline (or in a
>command script), and the preceding program in the pipeline (or script)
>always generates sufficiently short lines, it is safe to use gets().
>The input to such a program is _every_ bit as much under my control as
>the source argument of strcpy().

No one worries much about a program written by Mr O'Keefe that can be
executed only by Mr O'Keefe.  What worries most people is programs
distributed for public use that are written by someone who is unaware of the
'gets problem'.  Simply admonishing programmers (of publicly available
software) to avoid making the 'gets mistake' is less effective than removing
gets from the library.

I would like to suggest a library routine to replace gets, say,
safegets(buffer,count), which for lines no longer than count would behave
like gets, and for lines longer than count would place the first count-1
characters of the line into the buffer followed by a '\0'.  The value
returned by safegets is the line length (or EOF).

    Marv Rubinstein
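
Added example, not part of the original post: one C reading of the safegets(buffer,count) contract proposed above. It assumes count is the size of the buffer, that the excess of an over-long line is read and discarded, and that the return value counts the whole line; fsafegets is a hypothetical stream-taking helper introduced here so the routine can be exercised without stdin.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not in the post): the safegets() contract applied
 * to an arbitrary stream. Never writes more than count bytes to buffer. */
long fsafegets(FILE *fp, char *buffer, size_t count)
{
    long len = 0;               /* characters in the line, excluding '\n' */
    int c;

    if (buffer == NULL || count == 0)
        return EOF;             /* assumption: no room even for the '\0' */

    while ((c = getc(fp)) != EOF && c != '\n') {
        if ((size_t)len < count - 1)
            buffer[len] = (char)c;  /* store only what fits */
        len++;                      /* keep counting, discard the excess */
    }
    if (c == EOF && len == 0)
        return EOF;             /* end of input or read error, no data */

    /* Terminate after the stored characters, at most at index count-1. */
    buffer[(size_t)len < count - 1 ? (size_t)len : count - 1] = '\0';
    return len;                 /* full line length, even when truncated */
}

/* The routine as named in the post: reads one line from stdin. */
long safegets(char *buffer, size_t count)
{
    return fsafegets(stdin, buffer, count);
}

int main(void)
{
    char line[16];
    long n;

    /* A returned length larger than what was stored means truncation. */
    while ((n = safegets(line, sizeof line)) != EOF)
        printf("%ld%s: %s\n", n,
               n > (long)strlen(line) ? " (truncated)" : "", line);
    return 0;
}
```

Because the return value is the full line length, a caller can detect truncation by comparing it with the buffer size instead of silently processing a shortened line.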


