From: eichin@athena.mit.edu (Mark Eichin) Subject: Re: "the `gets' function is unreliable and should not be used"??!!! Date: 2 Jan 1993 00:22:44 GMT
>> From: dld54032@uxa.cso.uiuc.edu (Dave Dribin)
>> really unreliable. I would think that all the standard ASNI functions would
>> be reliable! Thanx in andvance, and happy new year...
The ANSI C standard (or at least, X3.159-1989, I believe there
was a 1990 update that I don't have yet) makes no mention of the
problem; the "Rationale" only mentions that fgets subsumes gets
because gets has no way to limit the size of the input buffer. The
documentation I wrote for a free C library documents gets in a much
stronger way:
This is a <[dangerous]> function, as it has no way of checking
the amount of space available in <[buf]>. One of the attacks
used by the Internet Virus of 1988 used this to overrun a
buffer allocated on the stack of the finger daemon and
overwrite the return address, causing the daemon to execute
code downloaded into it over the connection.
If you look up some of the papers written about the Morris Virus,
you'll find some of them mention that BSD only had gets for backwards
compatibility, and that fgets had been introduced around ***1978***
and there was no reason for any code written since then to use gets.
You'll also find vivid detail of how sloppy code (like gets) can make
it possible for someone to break into your system.
I think it was a mistake for ANSI to standardize that
interface (especially without at least justifying it in the rationale)
but they were, after all, only supposed to codify existing practice,
even if existing practice was incorrect.
_Mark_ <eichin@athena.mit.edu>
MIT Student Information Processing Board
Cygnus Support <eichin@cygnus.com>
ps. Feel free to forward this to whoever teaches the class that you
were writing that code for :-)