--- Gollum Fights Gandalf and looses <[EMAIL PROTECTED]> wrote:
> Hi all
> I have this small question: the man pages say not to use gets() because it
> can lead to security holes. According to them there is no way of knowing if
> the string exceeds the size of the array. So what?
> Why is that a security hole?

gets(char *s) can give you undetermined behaviour. The security hole with gets may be that I am able to read more characters than I was expected to, since it can read beyond the array length, thus giving me access to this 'extra' information. This could be true if you are reading information from the same input line or file without a newline character in your reading_scope.

If I am concerned about the max number of characters a user should read, I would go for a call that allows me to mention the string length. You may want to use fgets in such a case, as it'll tell you exactly how many characters to consider and thus guarantees that the code is reading the exact number of characters it was supposed to read.

Cheers,
Amol.
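
Added example, not part of the original thread: a bounded line reader built on fgets(), the call suggested in the reply above, which is told the buffer capacity and so cannot store past the end of the array the way gets() can. The names read_line_bounded and read_first_line, the 8-byte buffer and the input string are constructed for this illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_EOF = -1, LINE_OK = 0, LINE_TRUNCATED = 1 };

/* Read one line into buf, whose total capacity (including the NUL) is size.
 * fgets() is told the capacity, so it never stores more than size bytes. */
enum line_status read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (size == 0)
        return LINE_EOF;                /* no room to store anything */
    if (size > INT_MAX)
        size = INT_MAX;                 /* fgets() takes an int length */
    if (fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;                /* end of input or read error */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit: drop the newline */
        return LINE_OK;
    }
    /* No newline stored: discard the rest of this line so the next call
     * starts on a fresh line, and report whether anything was cut off. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Demo helper (hypothetical): feed a constructed string through a temp file. */
enum line_status read_first_line(const char *input, char *buf, size_t size)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return LINE_EOF;
    fputs(input, f);
    rewind(f);
    enum line_status st = read_line_bounded(f, buf, size);
    fclose(f);
    return st;
}

int main(void)
{
    char buf[8];                        /* room for 7 characters plus NUL */
    enum line_status st = read_first_line("AAAAAAAAAAAAAAAAAAAA\n", buf, sizeof buf);
    printf("status=%d stored=\"%s\"\n", st, buf);
    return 0;
}
```

A caller should treat LINE_TRUNCATED as an input error rather than silently processing the shortened line.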