Thread: How is fgets safer ?

  1. #1
    Registered User
    Join Date
    Apr 2008
    Posts
    87

    How is fgets safer ?

I have seen people saying fgets is safer to use than gets and that it avoids buffer overflow. I want to ask how. Code:

Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read one line into s (capacity n bytes) and strip the trailing newline. */
int getstring(char *s, size_t n, FILE *fp)
{
    char *p = NULL;

    if (fgets(s, n, fp) == NULL)
    {
        fprintf(stderr, "getstring failed\n");
        return (1);
    }
    else
    {
        /* fgets keeps the '\n' when the whole line fit; replace it with a NUL */
        if ((p = strchr(s, '\n')) != NULL)
        {
            *p = '\0';
        }
    }

    return (0);
}

int main(void)
{
    char s[20];   /* fgets writes at most 19 characters plus the terminating NUL */

    if (getstring(s, sizeof s, stdin))
    {
        fprintf(stderr, "main failed\n");
        return (EXIT_FAILURE);
    }

    return (EXIT_SUCCESS);
}

    I tried to overflow the input string with more than 50-60 characters and absolutely no error message or anything was printed.

  2. #2
    Jack of many languages Dino's Avatar
    Join Date
    Nov 2007
    Location
    Chappell Hill, Texas
    Posts
    2,332
    Mainframe assembler programmer by trade. C coder when I can.

  3. #3
    Registered User
    Join Date
    Oct 2007
    Posts
    242
fgets is safer because you can tell it how many bytes to read - it will read those bytes and stop reading no matter what, as opposed to gets/scanf, which read until they recognize a \n\r (if I'm not wrong).
Vulnerable prog:
Code:
char str[20]; // 20 bytes allocated on the stack
gets(str);    // copies stdin into str with no length limit at all
-> I'm allowed to enter MORE than 20 bytes, and more than 20 bytes will overflow the program (actually, 28 will overflow the EIP, which is extremely dangerous if you are injecting shellcode with it,
and of course if it's a big application that can cause damage to the user if it's "well-exploited").
Basically, scanf/gets don't do any bounds checking, which makes them vulnerable.

    This prog:
    Code:
char str[20];
fgets(str, 20, stdin); // stops after at most 19 characters and appends the terminating NUL
I will be able to enter more than 20 bytes but only 20 will be "accepted" and entered into str (it doesn't matter how many bytes you enter; eventually only 20 are accepted).


    BTW,
I suggest you run your vulnerable program with ollydbg/gdb and watch the registers when you try to overflow the program (read about the different registers on Google - focus on the EIP, the instruction pointer, which is the most important one, plus the EBP and ESP).


    Your code is totally fine and safe.
    Last edited by eXeCuTeR; 07-04-2008 at 05:34 AM.
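As an added example that is not part of the thread (none of the posters wrote it), the program below shows why the original poster saw "absolutely no error message": fgets writes at most n-1 characters plus a NUL and then simply stops, so an over-long line cannot overflow the buffer, but the unread tail stays in the stream and is handed back by the next fgets call as if it were a new line. The only way to notice truncation is to check for the newline yourself. The names read_line, read_line_from, read_all and the LINE_* status values are made up for this example, and the input strings are constructed test data; a temporary stream created with tmpfile() stands in for stdin so the behaviour can be checked without typing.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/*
 * Read one line into buf (capacity n) with fgets and strip the newline.
 * fgets writes at most n-1 characters plus a terminating NUL, so buf can
 * never overflow.  When the line is longer than that, fgets stops and the
 * rest of the line stays in the stream, which is why an over-long input
 * produces no error on its own.  The over-long tail is discarded here so
 * the next call starts on a fresh line instead of reading the leftover.
 */
enum line_status read_line(char *buf, size_t n, FILE *fp)
{
    char *nl;
    int c;

    if (fgets(buf, n, fp) == NULL)
        return LINE_EOF;            /* end of input or read error */

    nl = strchr(buf, '\n');
    if (nl != NULL) {
        *nl = '\0';                 /* whole line fit: drop the newline */
        return LINE_OK;
    }

    /* No newline in buf: the line was cut off, or it filled the buffer
       exactly, or the file ended without a trailing newline. */
    c = fgetc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;             /* nothing was lost */

    while ((c = fgetc(fp)) != EOF && c != '\n')
        ;                           /* drain the rest of the over-long line */
    return LINE_TRUNCATED;
}

/* Put a constructed string into a temporary stream (tmpfile() is standard C)
   so the functions above can be exercised without a terminal. */
static FILE *stream_from(const char *text)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    fputs(text, fp);
    rewind(fp);
    return fp;
}

/* Read the first line of `text` into buf (capacity n) and report the outcome. */
enum line_status read_line_from(const char *text, char *buf, size_t n)
{
    enum line_status st;
    FILE *fp = stream_from(text);
    if (fp == NULL)
        return LINE_EOF;
    st = read_line(buf, n, fp);
    fclose(fp);
    return st;
}

/* Read every line of `text` through a buffer of n bytes (n <= 64); returns
   the number of lines seen and stores how many were cut off in *truncated. */
int read_all(const char *text, size_t n, int *truncated)
{
    char buf[64];
    int lines = 0;
    enum line_status st;
    FILE *fp;

    if (n > sizeof buf)
        n = sizeof buf;
    *truncated = 0;
    fp = stream_from(text);
    if (fp == NULL)
        return -1;
    while ((st = read_line(buf, n, fp)) != LINE_EOF) {
        lines++;
        if (st == LINE_TRUNCATED)
            (*truncated)++;
    }
    fclose(fp);
    return lines;
}

int main(void)
{
    char s[20];                     /* same buffer size as in the thread */
    /* Constructed input: the second line is longer than 19 characters. */
    const char *input = "short line\n"
                        "this line is deliberately much longer than nineteen characters\n"
                        "last\n";
    int truncated;
    int lines = read_all(input, sizeof s, &truncated);

    printf("%d lines read, %d truncated\n", lines, truncated);
    if (read_line_from(input, s, sizeof s) == LINE_OK)
        printf("first line: \"%s\"\n", s);
    return 0;
}
```

Without the drain loop, the second, over-long line would come back as several "lines" on successive fgets calls; with it, the caller gets one LINE_TRUNCATED result and can reject or re-prompt instead of silently processing a cut-off value.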
