What's so bad about scanf anyway???
Warner Losh
imp at marvin.Solbourne.COM
Mon Nov 12 16:04:50 AEST 1990
In article <VXogs2w163w at cybrspc> roy%cybrspc at cs.umn.edu (Roy M. Silvernail) writes:
>It's better, IMHO, to gets() a whole line, check its validity and _then_ sscanf()
True. However, I'd use fgets(). See below.
>It just makes things more bullet-resistant.
gets() is a bad function to use when you don't have total control over
the input (like a user typing at a program). Since it can't check to
see if the input line is too large for the buffer, "bad things" can
happen as a result. One vector of the Internet Worm/Virus/Whatever
used the fact that the finger daemon used gets and was running as
root to cause some trouble....
Warner
--
Warner Losh imp at Solbourne.COM
How does someone declare moral bankruptcy?
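
The approach discussed in the post above (read a whole line with fgets(), check it, and only then sscanf() it), as an added example that is not part of the original post. The function names, the status codes, the 16-byte buffer and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
enum { LINE_OK = 0, LINE_EOF = -1, LINE_TOO_LONG = -2, LINE_BAD = -3 };

/* fgets() knows the buffer size; an overlong line is drained and rejected. */
int read_line(FILE *in, char *buf, size_t size)
{
    size_t len;
    int c, dropped = 0;
    if (fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* the whole line fit */
        return LINE_OK;
    }
    while ((c = getc(in)) != EOF && c != '\n')
        dropped++;                      /* discard the overlong tail */
    return dropped ? LINE_TOO_LONG : LINE_OK;
}

/* Parse only after the whole line is in hand: two ints and nothing else. */
int parse_pair(const char *line, int *a, int *b)
{
    char extra;
    return sscanf(line, "%d %d %c", a, b, &extra) == 2 ? LINE_OK : LINE_BAD;
}

/* Status of the n-th line (0-based) of constructed input, via a temp file. */
int status_of_line(const char *input, int n)
{
    FILE *f = tmpfile();
    char buf[16];
    int a, b, i, rc = LINE_EOF;
    if (f == NULL)
        return LINE_EOF;
    fputs(input, f);
    rewind(f);
    for (i = 0; i <= n && (rc = read_line(f, buf, sizeof buf)) != LINE_EOF; i++)
        ;
    if (rc == LINE_OK)
        rc = parse_pair(buf, &a, &b);
    fclose(f);
    return rc;
}

int main(void)
{
    printf("%d\n", status_of_line("1111111111 2222222222 3333\n", 0));
    return 0;
}
```

Draining the rest of an overlong line matters as much as the size limit: without it, the leftover tail would be read as the next line and parsed as if the user had typed it.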