-
gets controversy
I direct this thread specifically to Sebastiani, Hammer or Prelude
who seem to know their C code.
I'm new to this forum and I note that several contributors don't like
the "gets" command. I write industrial C code on Unix and use:
// CODE
gets(input);
sscanf(input, "%s", input);
exclusively to get input from the user.
My code gets run several hundred thousand times a year and I've never had a problem with this sequence.
I also use:
// CODE
fgets(input, length, fd);
sscanf(input, "%s", input);
to read from files with no problems.
Is there some problem with "gets" that I should know about?
note:
I used:
void main(void)
in my example but would never use that line in a real program.
This line would normally be:
int main(int argc, char *argv[])
Also I'm writing this from memory at 1:30 in the morning so excuse any stupid mistakes.
-
>I write industrial C code on Unix
So do I :)
>int main(int argc, char *argv[])
Yep, that's a better way. I also use
>int main(void)
if I don't want to bother with the command line args.
If you're posting code here as an answer to a question, try and make it as "correct" as you can, because most people here are newbies that don't know any better, and will take your code as being the way to go. We try to correct everyone that uses incorrect syntax like this, so we get a common feel across the board.
Now, down to gets(). The problem is simply that it allows the buffer to overflow if the user enters too much data. For example, if you have
>char name[10];
>gets(name);
and the user enters their name as a string of 20 characters, the gets() function will load all 20 bytes into memory at the start of the array. Because the array is only 10 bytes long, this will mean that the last few bytes are written outside the array bounds. This section of memory may, or may not be owned by your program. It may, or may not, cause the application that owns that memory to crash immediately, or at some point later on. It may also do nothing, if no application cares about that particular chunk of memory. Of course, the owning application could be the OS itself, so in theory you could lock up the host completely.
The worst example, and one that happens all the time, is the exploitation of this type of bug as a security breach. Say for example your program needs to run with root privileges (via setuid). If the user is clever enough (and yes there is such a thing!), they can cause a buffer overflow, and take control of your program. This is done via altering vital information of the OS's stack where your program is being run. It is possible for the user to cause your program to spawn or become a command shell. At this point, the user will have a shell prompt running with root privileges that were inherited from your program. This type of bug is normally caused by incorrect use of strcpy(), where the source string is way longer than the target.
This type of exploitation (unchecked buffers) has been seen in many professional applications (e.g. Microsoft web servers).
Please don't ask too much about the details on this, cracker threads are not allowed on this board, and will get deleted by the Mods, and rightly so.
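The bounded read that avoids the overflow described above, as an added example that is not part of the original thread. `read_line` and the `LINE_*` return codes are hypothetical names; the 10-byte `name` array is the one from the post.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Read one line from fp into buf (size bytes, including the NUL).
 * Never writes past buf[size - 1]. If the line is longer than the
 * buffer, keeps the first size - 1 characters, discards the rest of
 * the line, and reports LINE_TRUNCATED so the caller can reject it. */
int read_line(FILE *fp, char *buf, size_t size)
{
    if (buf == NULL || size < 2)
        return LINE_EOF;
    if (fgets(buf, (int)size, fp) == NULL)
        return LINE_EOF;              /* EOF or read error, buf unusable */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line fit: strip the newline */
        return LINE_OK;
    }
    /* No newline stored: either the line was too long, or the input
     * ended without a newline. Drain up to the newline to find out,
     * so the leftover bytes are not mistaken for the next line. */
    int c, dropped = 0;
    while ((c = getc(fp)) != '\n' && c != EOF)
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    char name[10];                    /* same size as the array in the post */
    int rc;
    while ((rc = read_line(stdin, name, sizeof name)) != LINE_EOF)
        printf("%s: \"%s\"\n", rc == LINE_TRUNCATED ? "too long" : "ok", name);
    return 0;
}
```

Unlike gets(), the size of the destination is passed in, so a 20-character name is cut to 9 characters plus the terminator and flagged instead of being written past the end of the array.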
-
Code:
gets(input);
sscanf(input, "%s", input);
What compiler/platform are you using? I would have thought in a Unix environment your compiler would complain about gets() saying it is unsafe to use.
-
I think people started to look upon gets suspiciously after the internet worm attack of 1988.
http://www.cs.utexas.edu/users/dsb/D...rm/lecture.htm
-
Actually, and particularly since you are working with UNIX, why don't you open the source file for your compiler library that contains 'gets()' and look at the actual source code.
If you are really that good, you'll find the problem if there is one, not if not.
trivial. The truth is in there...