-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to C-Programmer on 12/3/2008 6:29 PM: > char name[25]; > gets( name );
PS. This is a _disaster_ waiting to happen. You just coded a buffer overflow exploit, where someone can supply a name with more than 25 bytes, and in so doing, overwrite the stack return pointer to jump into arbitrary code and thus execute whatever they want using your program as the gateway. PLEASE don't write code this evil in real life. Use getline(), fgets(), fread(), properly-written fscanf(), or the like, but NEVER gets(). - -- Don't work too hard, make some time for fun as well! Eric Blake [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkk3P+QACgkQ84KuGfSFAYDh2ACfSsrD2vc1vBj3LdDC2DzvD8Z/ LHIAoLI76s26ASySD9+CVAgy6e5uQ+3W =jv+5 -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
