Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mira.net.au!news.vbc.net!vbcnet-west!samba.rahul.net!rahul.net!a2i!news.pbi.net!su-news-hub1.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!howland.erols.net!newsfeed.internetmci.com!avalon.net!avalon.net!not-for-mail
From: amorph@avalon.net (The Amorphous Mass)
Newsgroups: comp.lang.c,comp.unix.bsd.freebsd.misc
Subject: Re: What does gets() unsafe question mean?
Date: 7 Mar 1997 11:59:57 -0600
Organization: When Hell freezes over
Lines: 25
Message-ID: <5fpl2t$8fv@arthur.avalon.net>
References: <01bc2a8f$67037120$db083ccc@default>
NNTP-Posting-Host: arthur.avalon.net
Xref: euryale.cc.adfa.oz.au comp.lang.c:195533 comp.unix.bsd.freebsd.misc:36702
Jeffrey M. Metcalf (metcalf@snet.net) wrote:
>I recently wrote a little C program which uses the stdio.h function gets().
> I compiled and ran it under FreeBSD and I get..
>
>warning: this program uses gets(), which is unsafe.
Nice. Good compiler. :-)
>What exactly does this mean?
The FAQ for comp.lang.c answers this question (it's a nice document to
have around -- http://www.eskimo.com/~scs/C-faq/top.html). The short
answer: What do you think will happen with this code fragment if your
user responds to the prompt with "Berkeley Software Distribution, University
of California at Berkeley, Berkeley California 0U812?"
char name[20]; /* enough space for "Berkeley Software D" and a null
terminator */
printf("Enter your full name:");
fflush(stdout);
gets(name);
--
The Amorphous Mass If I knew what I was doing,
amorph@avalon.net it wouldn't be research.