Misc C Tips
Tuesday, 21 April 2009

Tip 1. Using gets()
-------------------


When I compile a C program that uses gets(), I get the following warning:

warning: this program uses gets(), which is unsafe.

Why is that? Well, if we read the manual page for gets():

     The gets() function cannot be used securely.  Because of its lack of
     bounds checking, and the inability for the calling program to reliably
     determine the length of the next incoming line, the use of this function
     enables malicious users to arbitrarily change a running program's
     functionality through a buffer overflow attack.  It is strongly suggested
     that the fgets() function be used in all cases.  (See the FSA.)

So it is recommended not to use the gets() function in UNIX/Linux programming, and you should follow that advice, because using it is not secure. Your app might get hacked very easily (some Internet worms and exploits have used exactly this kind of vulnerability).
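A bounded replacement for gets() built on fgets(), added here as an example and not part of the original tip. The helper name read_line and its result codes are my own; the point is that fgets() alone is not enough, because it leaves the newline in the buffer and silently stops when a line is longer than the buffer, so the helper strips the newline, reports truncation and discards the rest of an over-long line.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for read_line() (names are this example's own). */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Read one line from fp into buf (bufsz bytes), without the trailing newline.
 * Unlike gets(), this can never write past the end of buf: fgets() stops at
 * bufsz - 1 characters.  If the line was longer than that, the remainder is
 * consumed and LINE_TRUNCATED is returned so the caller can reject the input
 * instead of treating a cut-off line as a complete one. */
int read_line(char *buf, size_t bufsz, FILE *fp)
{
    if (bufsz == 0 || fgets(buf, (int)bufsz, fp) == NULL) {
        if (bufsz > 0)
            buf[0] = '\0';
        return LINE_EOF;            /* end of input or read error */
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* whole line fit; drop the newline */
        return LINE_OK;
    }
    /* No newline in the buffer: either the final line simply lacks one, the
     * line exactly filled the buffer, or the line did not fit.  Read one more
     * character to tell these cases apart. */
    int c = fgetc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;
    while (c != EOF && c != '\n')   /* line did not fit: drain the rest */
        c = fgetc(fp);
    return LINE_TRUNCATED;
}

/* Demo: read one line from stdin into a deliberately small buffer. */
int main(void)
{
    char name[16];
    int rc = read_line(name, sizeof name, stdin);
    if (rc == LINE_EOF)
        return 1;
    printf("got \"%s\"%s\n", name, rc == LINE_TRUNCATED ? " (input truncated)" : "");
    return 0;
}
```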
