Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!pacbell!att!occrsh!occrsh.ATT.COM!scsmo1.UUCP!tim
From: tim@scsmo1.UUCP
Newsgroups: comp.lang.c
Subject: gets limits?
Message-ID: <9300001@scsmo1.UUCP>
Date: 24 Apr 89 03:45:00 GMT
Lines: 20
Nf-ID: #N:scsmo1.UUCP:9300001:000:771
Nf-From: scsmo1.UUCP!tim    Apr 23 21:45:00 1989


What does ANSI say about gets.  It seem to me that there is NO way to
figure out how big to make the buffer for the beast.  I have assumed
that gets can be approximated by:
#define gets(x)   fgets(s,BUFSIZ,stdin)

Since assumptions tend to cause problems, (like the internet worm :-)
what rules should be followed with gets.  Personaly I like the idea of
taking the binary editor and nuking some character in the "gets" string
so it won't be found by the linker.

I often see gets reading in a string that is put in an 80 byte array.
What is the maximum number of characters? is it BUFSIZ?  How about
GETSBUFSIZ?  

If ANSI does not say anything about this, I think they missed the boat as
this could be the single most unsecure feature of C.

tim hogard
tim@scsmo1.uucp