Tuesday, 21 April 2009

Tip 1. Using gets()
-------------------
When I make a C program using gets() and I compile it, I get the following warning: warning: this program uses gets(), which is unsafe.
Why is that? Well, if we read the man page for gets():

    The gets() function cannot be used securely. Because of its lack of bounds checking, and the inability for the calling program to reliably determine the length of the next incoming line, the use of this function enables malicious users to arbitrarily change a running program's functionality through a buffer overflow attack. It is strongly suggested that the fgets() function be used in all cases. (See the FSA.)
So it is recommended not to use the gets() function in UNIX/Linux programming, and you should follow that advice, because it is not secure: your app might get hacked very easily (some Internet worms and exploits use exactly that vulnerability).
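To show what "use fgets() instead" looks like in practice, here is an added example (my own code, not from the post or from any man page). It reads one line into a fixed-size buffer with fgets(), which stops at the buffer size where gets() would keep writing past it, and it also handles the edge case fgets() introduces: when the line is longer than the buffer, the leftover characters would otherwise be picked up by the next read, so the function reports the truncation and drains the rest of the line. The names read_line and read_nth_line are my own; read_nth_line is a test helper that feeds constructed text through a standard tmpfile() stream so the logic can be exercised without stdin.

```c
#include <stdio.h>
#include <string.h>

/* Result of reading one line. */
enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = 2 };

/* Read one line from fp into buf (size bytes including the NUL).
 *
 * The unsafe version this replaces would be:   gets(buf);
 * gets() has no idea how large buf is, so a long line overflows it.
 * fgets() never writes more than size-1 characters plus the NUL.
 *
 * Returns LINE_OK when the whole line fit, LINE_TRUNCATED when the
 * line was longer than the buffer (the excess is read and discarded so
 * the next call starts on a fresh line), LINE_EOF when nothing was read. */
enum line_status read_line(FILE *fp, char *buf, size_t size)
{
    if (fgets(buf, (int)size, fp) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* strip the newline, like gets() did */
        return LINE_OK;
    }

    /* No newline in the buffer: either the buffer filled up, or the file
     * ended without a trailing newline.  Drain to end of line and report
     * truncation only if we actually threw characters away. */
    int c;
    int discarded = 0;
    while ((c = fgetc(fp)) != EOF && c != '\n')
        discarded = 1;
    return discarded ? LINE_TRUNCATED : LINE_OK;
}

/* Test helper (assumed, not part of any library): write constructed text
 * to a temporary file, then return the status of the n-th line (0-based),
 * leaving that line's contents in out. */
enum line_status read_nth_line(const char *text, int n, char *out, size_t size)
{
    FILE *fp = tmpfile();
    if (fp == NULL) {
        out[0] = '\0';
        return LINE_EOF;
    }
    fputs(text, fp);
    rewind(fp);

    enum line_status st = LINE_EOF;
    for (int i = 0; i <= n; i++)
        st = read_line(fp, out, size);
    fclose(fp);
    return st;
}

int main(void)
{
    char name[16];   /* 15 characters of input plus the NUL */

    printf("Name (up to %zu chars): ", sizeof name - 1);
    switch (read_line(stdin, name, sizeof name)) {
    case LINE_OK:
        printf("Hello, %s\n", name);
        break;
    case LINE_TRUNCATED:
        printf("Input too long; kept only \"%s\"\n", name);
        break;
    case LINE_EOF:
        printf("No input\n");
        break;
    }
    return 0;
}
```

Compile with a normal `cc -Wall` and feed it a line longer than 15 characters: the program reports the truncation instead of writing past `name`, and the rest of that line does not leak into the next read. Whether you treat LINE_TRUNCATED as an error or silently keep the prefix is a policy decision for the caller; the point is that the buffer size is now enforced by the read itself.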