Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!math.ohio-state.edu!caen!usenet.coe.montana.edu!bsd.coe.montana.edu!nate
From: nate@bsd.coe.montana.edu (Nate Williams)
Newsgroups: comp.os.386bsd.questions
Subject: Using gets() [ Was Re: nn ]
Date: 17 Jul 1993 21:22:24 GMT
Organization: Montana State University
Lines: 89
Message-ID: <229qig$53k@pdq.coe.montana.edu>
References: <226q88INN56k@xs4all.hacktic.nl> <227e9e$2hj@pdq.coe.montana.edu> <1993Jul17.203914.25267@fwi.uva.nl>
NNTP-Posting-Host: bsd.coe.montana.edu
Summary: broken software
In article <1993Jul17.203914.25267@fwi.uva.nl> bosman@fwi.uva.nl (Cor Bosman) writes:
>>gets() does not check to make sure that you can put all of the line into
>>the buffer you send it.
>
>Well, somehow it still doesnt feel right. I *know* gets() is unsafe.
then don't use it.
>I dont know why nn uses it so much, but the fact is..they do.
Because it was easy to do.
>And im sure nn isnt the only one. Do I have to change a zillion gets()
>throughout the whole nn package cause the coder of the gets() function
>in the 386bsd library decided to let us all know its unsafe?
It has nothing to do with the 'coder of 386bsd gets()', it has to do
with using gets.
"GETS() is inherently unsafe since it does not check to see if there is
enough room in the buffer"
>I think we should leave people at least a choice instead of forcing them
>like this. nn chokes on it. Its not some minor little thing.
Then fix NN. NN is broken if it used gets().
>Every time you post something using nntp it mails you an error because
>of the library. I dont think its right to say 'its nn's fault for using gets()'
It's right on to say that it's nn's fault for using gets(). Just becuase
the other operating systems don't tell you it's unsafe, doesn't mean it
is safe with them.
>That'll show the programmers of nn. Boy..were they stupid, and real cool
>that all 386bsd users are adviced to 'change nn if you want to use it without
>error'
It has nothing to do with 386BSD. It has to do with safe/portable
programming. The author of the BSD library felt it was more important
for folks to know about the inherent limitations of gets(), so that
people could fix "BROKEN SOFTWARE"
If you don't like it, write a wrapper function for gets() that calls
fgets() that checks to see if you have enough space.
Heck, this might work.
/*
* Donated to the public domain
* Don't use my name or suggest that I had anything to do with this
*/
char *gets(char *str)
{
char buf[1024];
fgets(buf, 1024, stdin);
if ( strlen(buf) > sizeof(str)
{
fprintf(stderr,"Whoops, you didn't have room for the string\n");
*str = (char *)NULL;
}
else
/* Is the +1 necessary for the the eoln? */
memmove(str, buf, strlen(buf+1);
return(str);
}
No guarantees though, and the error handler is ugly. (I just wrote this
off the top of my head, and the sizeof and strlen stuff might not work
at all.
>Oh well,not like any 386bsd user wants to use nn or anything.
>(yeah yeah, it only fails if you use nntp posting)
There's always trn. :-)
Nate
--
nate@bsd.coe.montana.edu | In the middle of it ........ again.
nate@cs.montana.edu | Running/supporting one of many freely available
work #: (406) 994-4836 | Operating Systems for [34]86 machines.
home #: (406) 586-0579 | (based on Net/2, name changes all the time :-)