Path: utzoo!utgpu!attcan!uunet!convex!killer!texbell!uhnix1!sugar!ficc!peter
From: peter@ficc.uu.net (Peter da Silva)
Newsgroups: comp.lang.c
Subject: Secure 'C' library - string I/O (Re: retiring gets(3))
Summary: Necessary but insufficient...
Message-ID: <2185@ficc.uu.net>
Date: 10 Nov 88 15:23:01 GMT
References: <1988Nov8.054845.23998@utstat.uucp> <1031@cps3xx.UUCP>
Organization: SCADA
Lines: 40

What is really needed is a whole secure 'C' library. Consider this gem:

..........
#include <utmp.h>
#define LOGNAMESIZE 8

	char buffer[LOGNAMESIZE*2+3];
	struct utmp *up;

	sprintf(x, "%s %s\n", up->ut_line, up->ut_name);
..........

In general, sprintf should have an argument describing the size of the
output buffer. A better solution still would be to can sprintf and replace
it with something like:

	FILE *stropen(buffer, length, mode);

	Opens a string as a file. Mode is one of:

		"r"	Read.
		"w"	Write.
		"a"	Append.
		"r+"	Read/update.
		"w+"	Write/update.
		"a+"	Append/update.

	Any of the normal I/O functions will operate on this internal file.
	A null will be written at the high water mark when the file pointer
	is fclosed. fseek operates within the string. In 'append' mode the
	string's "end" will be considered to be the first "null". In "Write"
	and "Append" mode the string will be null-filled on open.

It's safer and cleaner. 

There are other goodies like this, have a look...
-- 
Peter da Silva  `-_-'  Ferranti International Controls Corporation
"Have you hugged  U  your wolf today?"     uunet.uu.net!ficc!peter
Disclaimer: My typos are my own damn business.   peter@ficc.uu.net