retiring gets(3)

Lawrence V. Cipriani lvc at cbnews.ATT.COM
Thu Nov 10 08:16:07 AEST 1988


In article <1031 at cps3xx.UUCP> usenet at cps3xx.UUCP (Usenet file owner) writes:
>This may be a naive question, or perhaps I haven't followed the right
>stories, but what is the problem with using gets versus fgets?

The only argument to gets() is a character pointer, or buffer; fgets() has
a FILE*, a character buffer, and most importantly a count.  Used properly,
this prevents writing past the end of the buffer.  Since gets() doesn't
have the count, this could be used to read past the end of some buffer,
say buf, in fingerd.  Morris managed to get just the right "data" to go
past the end of buf so that the program behavior was modified the way he
needed.  Usually reading data past the end of a buffer gives you a fatal
error and your process dies.  In this case (I'm really reaching here), the
stack was modified, say change the return address, to do "something special"
like go around some permission checks.  Neat, very neat.  Now will someone
please send me a copy of Morris's program :-)

>John H. Lawitzke      UUCP: ...rutgers!mailrus!frith!fciiho!jhl

-- 
Larry Cipriani, AT&T Network Systems, Columbus OH,
Path: att!cbnews!lvc    Domain: lvc at cbnews.ATT.COM
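
An added example, not part of the original post: a bounded line reader built on the count argument of fgets() that the post describes, which also reports lines longer than the buffer instead of silently splitting them. The names read_line and sample_input are hypothetical, and the input text is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper. Reads one line into buf (capacity cap) via fgets(),
 * which never stores more than cap-1 characters plus the terminating NUL.
 * Returns the stored length (newline stripped), -1 on EOF/error/bad args,
 * or -2 if the line did not fit: buf keeps the truncated prefix and the
 * rest of the line is discarded so the next call starts on a fresh line. */
long read_line(FILE *fp, char *buf, size_t cap)
{
    if (fp == NULL || buf == NULL || cap < 2 || cap > INT_MAX)
        return -1;
    if (fgets(buf, (int)cap, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {   /* whole line fit */
        buf[--len] = '\0';
        return (long)len;
    }
    if (len < cap - 1)                       /* last line, no trailing newline */
        return (long)len;
    int c = getc(fp);                        /* buffer full: more of this line? */
    if (c == EOF || c == '\n')
        return (long)len;                    /* it fit exactly */
    while ((c = getc(fp)) != EOF && c != '\n')
        ;                                    /* drain the over-long remainder */
    return -2;
}

/* Constructed sample input placed in a temporary file, so no stdin is needed. */
FILE *sample_input(const char *text)
{
    FILE *fp = tmpfile();
    if (fp != NULL) { fputs(text, fp); rewind(fp); }
    return fp;
}

int main(void)
{
    char buf[8];                             /* deliberately small buffer */
    FILE *fp = sample_input("short\nAAAAAAAAAAAAAAAAAAAAAAAA\nexactly\nend");
    long n;
    if (fp == NULL) return 1;
    while ((n = read_line(fp, buf, sizeof buf)) != -1)
        printf("%ld \"%s\"%s\n", n, buf, n == -2 ? " (line too long)" : "");
    fclose(fp);
    return 0;
}
```

A caller that treats -2 as a rejected request, rather than processing the truncated prefix, avoids acting on partial input.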


