Path: utzoo!attcan!uunet!steinmetz!davidsen
From: davidsen@steinmetz.ge.com (William E. Davidsen Jr)
Newsgroups: comp.lang.c
Subject: Re: retiring gets(3)
Message-ID: <12570@steinmetz.ge.com>
Date: 11 Nov 88 19:41:59 GMT
References: <1988Nov8.054845.23998@utstat.uucp>
Reply-To: davidsen@crdos1.UUCP (bill davidsen)
Organization: General Electric CRD, Schenectady, NY
Lines: 34

In article <1988Nov8.054845.23998@utstat.uucp> geoff@utstat.uucp (Geoff Collyer) writes:
| The recent exposure of the security bug in the 4BSD fingerd caused by
| use of gets(3) reminded me that gets is a bug waiting to happen and
| should be stamped out.  I have deleted gets from my stdio implementation

I hate to say this, but C allows many things which are unsafe. The
problem is not the language, or the library, but that people make bad
choices about their selection of features.

If you stamp out gets you will see postings of dozens of "public domain
replacements" for the gets features "left out of BSD 4.17" or whatever.
I don't disagree for a moment with your sentiment, and I see the
problem, but I think you will have better luck educating your users on
how to use the language than taking away all the parts with sharp edges.

The best way to get rid of gets is to offer a better alternative. I
wrote a "getsn" routine which looks like fgets but avoids putting the
newline in the buffer in the first place, and I would expect to find
that hundreds of others have do it, too. There is no way to strip the
newline as quickly as not putting it in the buffer in the first place.

| With your help, we can stamp out gets in our lifetimes.

From or header files and our libraries, but not from our programmer's
hearts (unfortunately).

| -- 
| Geoff Collyer	utzoo!utstat!geoff, geoff@utstat.toronto.edu


-- 
	bill davidsen		(wedu@ge-crd.arpa)
  {uunet | philabs}!steinmetz!crdos1!davidsen
"Stupidity, like virtue, is its own reward" -me