Replace gets with fgets

By now almost everyone knows that gets can cause security and reliability problems.

The code below is an example:

// Really bad code
char line[100];
gets(line);

Because gets does no bounds checking, a string longer than 100 characters will overwrite memory. If you are lucky, the program will just crash. Obviously, this code is a security problem: an attacker can create a carefully constructed string that overwrites the stack and lets the bad guy execute any code he wants.

The gets function is that bad. You can use fgets instead:

// good code
char line[100];
fgets(line,sizeof(line),stdin);

The fgets call will not read more data than the variable can hold, which prevents attackers from executing a stack-smashing attack.
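An added example, not code from the original post: a line reader built on fgets that handles what the bare call leaves to the caller, namely the stored newline, a line longer than the buffer (the excess stays in the stream until it is drained), and end of input. The name read_line and the LINE_* codes are this example's own, and it assumes text input without embedded NUL bytes.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Result codes for read_line (names chosen for this example). */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/*
 * Read one line from fp into buf (capacity size, at least 2 bytes).
 * The trailing newline is stripped. If the line does not fit, the first
 * size-1 bytes are kept, the rest of the line is discarded so that it is
 * not mistaken for the next line, and LINE_TRUNCATED is returned.
 */
int read_line(char *buf, size_t size, FILE *fp)
{
    if (buf == NULL || fp == NULL || size < 2 || size > INT_MAX)
        return LINE_EOF;
    if (fgets(buf, (int)size, fp) == NULL) {   /* end of input or read error */
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {     /* whole line fit in buf */
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline stored: the line was too long, exactly filled the buffer,
     * or the stream ended without a newline. Drain up to the line end. */
    int c, dropped = 0;
    while ((c = fgetc(fp)) != '\n' && c != EOF)
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    char line[100];
    int rc;
    /* Echo each input line, flagging the ones that were cut to 99 bytes. */
    while ((rc = read_line(line, sizeof(line), stdin)) != LINE_EOF)
        printf("%s%s\n", line, rc == LINE_TRUNCATED ? " [truncated]" : "");
    return 0;
}
```

Without the drain loop, the tail of an overlong line would be returned by the next call as if it were a separate line.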


Copyright © 2010 - C++ Technology. All Rights Reserved.
