retiring gets(3)

William E. Davidsen Jr davidsen at steinmetz.ge.com
Sat Nov 12 05:41:59 AEST 1988


In article <1988Nov8.054845.23998 at utstat.uucp> geoff at utstat.uucp (Geoff Collyer) writes:
| The recent exposure of the security bug in the 4BSD fingerd caused by
| use of gets(3) reminded me that gets is a bug waiting to happen and
| should be stamped out.  I have deleted gets from my stdio implementation

I hate to say this, but C allows many things which are unsafe. The
problem is not the language, or the library, but that people make bad
choices about their selection of features.

If you stamp out gets you will see postings of dozens of "public domain
replacements" for the gets features "left out of BSD 4.17" or whatever.
I don't disagree for a moment with your sentiment, and I see the
problem, but I think you will have better luck educating your users on
how to use the language than taking away all the parts with sharp edges.

The best way to get rid of gets is to offer a better alternative. I
wrote a "getsn" routine which looks like fgets but avoids putting the
newline in the buffer in the first place, and I would expect to find
that hundreds of others have done it, too. There is no way to strip the
newline as quickly as not putting it in the buffer in the first place.

| With your help, we can stamp out gets in our lifetimes.

From our header files and our libraries, but not from our programmers'
hearts (unfortunately).

| -- 
| Geoff Collyer	utzoo!utstat!geoff, geoff at utstat.toronto.edu


-- 
	bill davidsen		(wedu at ge-crd.arpa)
  {uunet | philabs}!steinmetz!crdos1!davidsen
"Stupidity, like virtue, is its own reward" -me
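
The bounded, newline-free line reader described in the post above, written out as an added example; it is not part of the original post and is not the poster's code. The `getsn` signature is assumed to match `fgets`, and `count_pieces` and `last_piece` are hypothetical helpers run over constructed input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical getsn(): same arguments as fgets(), but the newline is
 * consumed and never stored. Writes at most n-1 characters plus a NUL.
 * Returns buf, or NULL on bad arguments or at EOF with nothing read. */
char *getsn(char *buf, int n, FILE *fp)
{
    int c = 0, i = 0;
    if (buf == NULL || fp == NULL || n <= 0)
        return NULL;
    while (i < n - 1) {
        c = getc(fp);
        if (c == EOF || c == '\n')
            break;
        buf[i++] = (char)c;
    }
    buf[i] = '\0';
    if (i == n - 1) {
        /* Buffer full: swallow a newline that ends the line exactly here,
         * so the next call does not return a spurious empty string. */
        c = getc(fp);
        if (c != EOF && c != '\n')
            ungetc(c, fp);
    }
    return (c == EOF && i == 0) ? NULL : buf;
}

char last_piece[64];    /* last string returned, kept for inspection */
/* Feeds constructed input to getsn() with an n-byte limit; returns how
 * many strings came back, or -1 on setup failure. */
int count_pieces(const char *input, int n)
{
    char buf[sizeof last_piece];
    FILE *fp;
    int pieces = 0;
    if (n < 2 || n > (int)sizeof buf || (fp = tmpfile()) == NULL)
        return -1;
    fputs(input, fp);
    rewind(fp);
    while (getsn(buf, n, fp) != NULL) {
        strcpy(last_piece, buf);    /* same size as buf, cannot overflow */
        pieces++;
    }
    fclose(fp);
    return pieces;
}
int main(void)
{   /* Constructed input: one 8-character line read through a 4-byte buffer. */
    printf("%d pieces, last \"%s\"\n", count_pieces("abcdefgh\n", 4), last_piece);
}
```

Because the newline is never stored, a full buffer from this version does not tell the caller whether the line ended there or continues in the next call.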


