Path: utzoo!attcan!uunet!ispi!jbayer
From: jbayer@ispi.UUCP (Jonathan Bayer)
Newsgroups: comp.lang.c
Subject: Re: gets(3) nonsense
Summary: sprintf & fprintf can't be crashed by a remote user
Message-ID: <288@ispi.UUCP>
Date: 25 Nov 88 13:42:29 GMT
References: <867@cernvax.UUCP> <645@quintus.UUCP> <339@igor.Rational.COM> <644@scotty.UUCP>
Organization: Intelligent Software Products, Inc.
Lines: 22

In article <644@scotty.UUCP>, jwr@scotty.UUCP (Dier Retlaw Semaj) writes:
> In article <1403@unisoft.UUCP> achut@unisoft.UUCP (Achut Reddy) writes:
> maart@cs.vu.nl (Maarten Litmaath) writes:
> < > >functions, and can ensure that his buffers don't overflow.
> > What about sprintf() & fprintf()?
> The user does not have *complete control* over these functions.

With proper care the user *does* have complete control.  Simply specify
a length for each var being printed.  gets is different in that the
input is undefined.  If gets is used in a program in which data is
piped to, and it is part of a secure system, and unsecured data can be
piped to it, then it is possible to break it.

Jonathan Bayer
Intelligent Software Products, Inc.
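Added example, not part of the original post: a C sketch of "specify a length for each var", in which `%.*s` precisions cap each string field so the sprintf() output buffer can be sized for the worst case. The record layout, the field limits and the name `format_record` are assumptions made up for this illustration; note that `%d` has no maximum-length specifier (a field width is only a minimum), so the integer is budgeted at its widest possible rendering.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed field limits for this example; they are not from the post. */
#define USER_MAX 8
#define HOST_MAX 16
/* One byte contributes at most 3 decimal digits; +1 for a minus sign. */
#define INT_CHARS (3 * sizeof(int) + 1)
/* user + '@' + host + ':' + int + terminating NUL */
#define REC_BUF_LEN (USER_MAX + 1 + HOST_MAX + 1 + INT_CHARS + 1)

/*
 * Format "user@host:port" into out, which must hold REC_BUF_LEN bytes.
 * The precision given to %.*s is a maximum: sprintf copies at most that
 * many bytes of each string, however long the caller's input is.
 * %d cannot be capped this way, so REC_BUF_LEN reserves room for the
 * longest value an int can print as.
 * Returns the number of characters written, excluding the NUL.
 */
int format_record(char *out, const char *user, const char *host, int port)
{
    return sprintf(out, "%.*s@%.*s:%d",
                   USER_MAX, user, HOST_MAX, host, port);
}

int main(void)
{
    char rec[REC_BUF_LEN];
    /* Constructed overlong inputs: both strings exceed their field limits. */
    int n = format_record(rec, "averyveryverylongusername",
                          "host.with.a.very.long.name.example", INT_MIN);

    printf("%d of %lu bytes used: %s\n",
           n + 1, (unsigned long)REC_BUF_LEN, rec);
    return 0;
}
```
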