Xref: sserve comp.os.386bsd.questions:11938 comp.os.386bsd.development:2356 comp.os.386bsd.misc:2933
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!uwm.edu!news.moneng.mei.com!howland.reston.ans.net!usenet.ins.cwru.edu!lerc.nasa.gov!purdue!mozo.cc.purdue.edu!staff.cc.purdue.edu!bj
From: bj@staff.cc.purdue.edu (Ben Jackson)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Date: 31 Jul 1994 02:23:36 GMT
Organization: Purdue University
Lines: 26
Message-ID: <31f1v8$2lg@mozo.cc.purdue.edu>
References: <30lrf3$2ii@acmez.gatech.edu> <Ctn5yy.3I0@cs.vu.nl> <31cf70$3c@Starbase.NeoSoft.COM> <jmonroyCts1rL.96o@netcom.com>
NNTP-Posting-Host: staff.cc.purdue.edu

Peter da Silva (peter@Starbase.NeoSoft.COM) wrote:
: In article <Ctn5yy.3I0@cs.vu.nl>, Kees J. Bot <kjb@cs.vu.nl> wrote:
: >Any gets(buf) call that I may find is immediately replaced by:
:
: >	result = fgets(buf, sizeof(buf), stdin);
: >	*strchr(buf, '\n') = 0;
:
: This can result in writing through the null pointer if reading from a zero
: length file and the buffer is uninitialized <...>
:
: 	if(result = fgets(buf, sizeof(buf), stdin))
: 		*strchr(buf, '\n') = 0;
:
: Test what you MEAN, sheesh!

That will fail if your buffer is too short to hold the line, or if there
is no newline in the input stream.  If you don't want to write on a null
pointer, TEST THE POINTER YOU'RE WRITING ON.  Duh:

	if (fgets(buf, sizeof(buf), stdin) && (result = strchr(buf, '\n')))
		*result = '\0';

It's a good thing you guys don't call fgets() in the kernel.  ;-)

-- 
Ben Jackson, bj@cc.purdue.edu
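
Added example (not part of the original post, and not any poster's code): a gets() replacement that covers the three cases argued over in this thread, namely a zero-length input, a line with no newline, and a line longer than the buffer. The names read_line, open_sample and the LINE_* codes are assumptions made for this example, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_OK, LINE_EOF, LINE_TRUNCATED };   /* names chosen for this example */

/* Read one line into buf, strip the newline, and report what happened.
 * Both pointers that can be NULL (fgets and strchr results) are tested. */
int read_line(FILE *fp, char *buf, size_t size)
{
    char *nl;
    int c, truncated = 0;

    if (size < 2 || fgets(buf, (int)size, fp) == NULL) {
        if (size > 0) buf[0] = '\0';   /* EOF or error: do not trust buf contents */
        return LINE_EOF;
    }
    if ((nl = strchr(buf, '\n')) != NULL) {
        *nl = '\0';                    /* normal case: the whole line fit */
        return LINE_OK;
    }
    /* No newline stored: the input ended without one, or the line did not
     * fit. Consume the remainder so the next call starts on a fresh line. */
    while ((c = getc(fp)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input, written to a temporary file so this runs offline. */
FILE *open_sample(const char *text)
{
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fputs(text, fp);
        rewind(fp);
    }
    return fp;
}

int main(void)
{
    char buf[8];
    int rc;
    FILE *fp = open_sample("short\nthis line is too long\n1234567\nlast");
    if (fp == NULL) return 1;
    while ((rc = read_line(fp, buf, sizeof buf)) != LINE_EOF)
        printf("%d \"%s\"\n", rc, buf);   /* 0 = ok, 2 = truncated */
    fclose(fp);
    return 0;
}
```

A caller that must not silently accept a shortened line can treat LINE_TRUNCATED as an error instead of using buf.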