?

Log in

No account? Create an account
color cycle (slow)

Kistaro Windrider, Reptillian Situation Assessor

Unfortunately, I Really Am That Nerdy

Previous Entry Share Next Entry
Terror has a name, and that name is gets()
a look of abject horror, yikes
kistaro
A Google Code Search that matches uses of gets().

All the computer people reading this should be terrified.


  • 1
(Deleted comment)
gets(char* str) is a C function with one parameter that takes text from the console and reads it into some buffer somewhere in memory. The parameter passed to it is the pointer to the memory location that should be used for the first character, which is presumably the beginning of a "sufficiently long" empty string. gets returns when it sees an end-of-line or end-of-file character.

You might notice that there is no way to tell gets the size of the buffer. This is a problem, because C has no checks for writing beyond the end of a region of memory like that. In the best case, you'll get a segmentation fault (memory access outside the bounds of what the entire program is allowed to touch) and crash your program. In the usual case, gets will cheerfully write beyond the end of the string into memory being used for other values being stored by the program, and corrupt them by replacing them with the ASCII codes corresponding to the letters it sees on the input. This is always a bug, and usually a security hole, the nastiest and most common variant of it involves overwriting the return pointer, causing the program's execution to jump somewhere into the data that was just inserted and letting arbitrary code run with whatever priveleges the program was running with- especially a problem for networked applications.

gets always reads from standard input and has no way of being told "stop after a certain number of characters", so there is no way to avoid a potential buffer overflow attack when it is used.

The documentation for gets starts with, after the usual list of what the function looks like and when it was last updated, "Never use gets." I have to agree.

By page 4, I still hadn't seen anything really terrifying. gets *is* from the devil (and not in a good way) but none of the source seems to belong to products I use or care about. Did I miss something obvious?

I dunno, I think this one's worth something. At least it's in "obsolete code" that's theoretically not used anywhere anymore.

At least the majority of these appear not to be the C-library "gets".


  • 1