Date: Sun, 12 Jul 1998 23:24:47 -0400 (EDT)
From: David Waite
To: Vincent Diepeveen
cc: Tuukka Toivonen, beastium-list AT Desk DOT nl
Subject: Re: weird things of gcc
In-Reply-To: <3.0.32.19980711235055.0097bda0@xs4all.nl>
Sender: Marc Lehmann

> >>"the 'gets' function is dangerous and should not be used."
> >
> >The gets() function does not check how long string the user
> >gives; if it is too long string and does not fit in sOut
> >array, you have a bug in your program (memory corruption).
>
> 120 bytes. Why would it give memory corruption, knowing it's just a pointer
> to an existing array of 120 bytes? I only give it an address where it needs
> to put the small string.
>
> What's wrong with this, and yes I don't want it to check how long the
> string is, it just must put the string at that address, that's it!
>

Well, if the program is a user daemon, you have a security flaw on your
hands for one =)

-David Waite
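
Added example, not part of the original message or written by anyone in the thread: a bounded line reader for the 120-byte sOut case discussed above, which rejects an overlong line instead of writing past the array. The names read_line, constructed_input and SOUT_SIZE are hypothetical, and the input is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define SOUT_SIZE 120  /* size of the sOut array in the thread */
/* The thread's pattern is  char sOut[120]; gets(sOut);  where gets() sees
 * only the address and copies until '\n'. Bounded replacement: returns the
 * line length (newline stripped), -1 at EOF/error, or -2 when the line did
 * not fit (the rest of that line is discarded). Never writes past buf. */
int read_line(FILE *in, char *buf, size_t size)
{
    size_t len;
    int c;
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';
        return (int)len;
    }
    if (len < size - 1)             /* final line without newline */
        return (int)len;
    c = getc(in);                   /* buffer full: is there more? */
    if (c == EOF || c == '\n')
        return (int)len;            /* the line fit exactly */
    while (c != EOF && c != '\n')   /* drain the oversized remainder */
        c = getc(in);
    buf[0] = '\0';
    return -2;
}

/* Constructed input: one line of 300 '0' characters, then the line "ok". */
FILE *constructed_input(void)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fprintf(f, "%0300d\nok\n", 0);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char sOut[SOUT_SIZE];
    FILE *in = constructed_input();
    int n;
    while (in != NULL && (n = read_line(in, sOut, sizeof sOut)) != -1)
        printf("%d \"%s\"\n", n, sOut);
    return in == NULL;
}
```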