@cwgreene
Last active January 27, 2020 00:22
Historical man pages of `gets`

DESCRIPTION

gets reads a line from stdin into the buffer pointed to by s until either a terminating newline or EOF, which it replaces with '\0'. No check for buffer overrun is performed (see BUGS below).

BUGS

Because it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the buffer, it is extremely dangerous to use. It has been used to break computer security. Use fgets() instead.

It is not advisable to mix calls to input functions from the stdio library with low-level calls to read() for the file descriptor associated with the input stream; the results will be undefined and very probably not what you want.

DESCRIPTION

Never use this function.

gets() reads a line from stdin into the buffer pointed to by s until either a terminating newline or EOF, which it replaces with a null byte ('\0'). No check for buffer overrun is performed (see BUGS below).

BUGS

Never use gets(). Because it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the buffer, it is extremely dangerous to use. It has been used to break computer security. Use fgets() instead.

For more information, see CWE-242 (aka "Use of Inherently Dangerous Function") at http://cwe.mitre.org/data/definitions/242.html
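
The fgets() replacement that both BUGS sections recommend, as an added example that is not part of either man page: it keeps the gets() behaviour of replacing the newline with '\0', but bounds the write to the buffer size and reports over-long lines instead of splitting them silently. The names `read_line`, `read_status` and the 16-byte demo buffer are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum read_status { READ_OK, READ_TRUNCATED, READ_EOF, READ_BADARG };

/* Read one line from fp into buf, which holds cap bytes including the '\0'.
 * Like gets(), the trailing newline is replaced by '\0'. Unlike gets(), at
 * most cap - 1 bytes are stored; the rest of an over-long line is discarded
 * and reported so the caller never processes a silently split line. */
enum read_status read_line(FILE *fp, char *buf, size_t cap)
{
    int c;
    size_t len;

    if (fp == NULL || buf == NULL || cap < 2 || cap > (size_t)INT_MAX)
        return READ_BADARG;
    if (fgets(buf, (int)cap, fp) == NULL) {
        buf[0] = '\0';
        return READ_EOF;            /* end of input or read error */
    }
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* whole line fit in the buffer */
        return READ_OK;
    }
    /* No newline stored: final line without one, or line longer than buf. */
    c = fgetc(fp);
    if (c == EOF || c == '\n')
        return READ_OK;             /* line was exactly cap - 1 bytes */
    while ((c = fgetc(fp)) != EOF && c != '\n')
        ;                           /* drain the remainder of the line */
    return READ_TRUNCATED;
}

int main(void)
{
    char name[16];                  /* constructed size for the demo */
    enum read_status st;

    while ((st = read_line(stdin, name, sizeof name)) != READ_EOF) {
        if (st == READ_TRUNCATED)
            fprintf(stderr, "line over %zu bytes rejected\n", sizeof name - 1);
        else
            printf("read: %s\n", name);
    }
    return 0;
}
```

On a truncated line the buffer still holds a valid, terminated prefix, so the caller decides whether to reject the input or use the prefix.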
