retiring gets(3)
Geoff Collyer
geoff at utstat.uucp
Tue Nov 8 15:48:45 AEST 1988

The recent exposure of the security bug in the 4BSD fingerd caused by
use of gets(3) reminded me that gets is a bug waiting to happen and
should be stamped out. I have deleted gets from my stdio implementation
(my first ANSI incompatibility!), the folks at Bell Labs Research have
deleted gets from their C library, now it's your turn. We need to get
the next ANSI C standard, the relevant POSIX standard(s), the next
edition of the SVID, the next System V, the next 4BSD, the next SunOS
and the next release from your favourite C vendor to delete gets. Let
your vendor know that you want to see gets deleted from its next
release, delete gets.o from your C library, move gets.o to -lgets,
define gets(s) as "gets is unsafe; use fgets(3)"<><><> in your stdio.h;
do whatever you can to help.

If your vendor protests your reasonable request, point out that gets,
as part of stdio, is a decade-old backward compatibility hack for
compatibility with the Sixth Edition UNIX Portable I/O Library, which
was utterly replaced by stdio no later than 1979. Accept no excuses;
converting programs from using gets to fgets is largely mechanical,
and stripping trailing newlines is trivial to code yourself.

With your help, we can stamp out gets in our lifetimes.
--
Geoff Collyer utzoo!utstat!geoff, geoff at utstat.toronto.edu
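
The gets-to-fgets conversion mentioned in the post, as an added example that is not part of the original message: a bounded line reader that strips the trailing newline and also handles the case gets cannot, a line longer than the buffer. The names read_line, line_status and sample_input are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Bounded stand-in for gets(buf): read one line into buf (size bytes) and
 * strip the newline. An overlong line is cut to size-1 bytes, its remainder
 * is discarded, and LINE_TRUNCATED is returned. Names are hypothetical. */
enum line_status read_line(char *buf, size_t size, FILE *fp)
{
    /* The cast assumes size fits in an int, true for ordinary line buffers. */
    if (size == 0 || fgets(buf, (int)size, fp) == NULL)
        return LINE_EOF;            /* end of input or read error */
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* the newline gets() would have dropped */
        return LINE_OK;
    }
    /* No newline stored: the line filled the buffer, or input ended. */
    int c = getc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;             /* exact fit, or unterminated last line */
    while ((c = getc(fp)) != EOF && c != '\n')
        ;                           /* drop what gets() would have written past buf */
    return LINE_TRUNCATED;
}

/* Constructed sample input, written to a temporary file. */
FILE *sample_input(void)
{
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fputs("short\nseven77\nthis line is too long\nlast", fp);
        rewind(fp);
    }
    return fp;
}

int main(void)
{
    char buf[8];
    enum line_status st;
    FILE *fp = sample_input();
    if (fp == NULL) return 1;
    while ((st = read_line(buf, sizeof buf, fp)) != LINE_EOF)
        printf("%-9s \"%s\"\n", st == LINE_OK ? "ok" : "truncated", buf);
    fclose(fp);
    return 0;
}
```

Discarding the remainder of an overlong line keeps the next call aligned on a line boundary, so the tail of one line is never read as the start of the next.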