Prevent buffer overflows with gets [duplicate]

The declaration of gets is:

char * gets ( char * str );

Note the glaring omission of a maximum size for str.

cplusplus.com says:

Notice that gets is quite different from fgets: not only gets uses stdin as source, but it does not include the ending newline character in the resulting string and does not allow to specify a maximum size for str (which can lead to buffer overflows).

And also:

The most recent revision of the C standard (2011) has definitively removed this function from its specification. The function is deprecated in C++ (as of 2011 standard, which follows C99+TC3).

Now, of course, fgets is commonly recommended as a replacement of gets, because its declaration looks like this:

char * fgets ( char * str, int num, FILE * stream );

It DOES take a size parameter. This makes it much safer than gets.

Now since I'm not willing to shell out money to download or buy the C11 standard, can anyone shed some light on the reason for deprecating gets and what it means for future code? Why did it exist in the same place when fgets is safer? And why is it only just now being deprecated?

user3131113 asked Dec 24 '13 01:12
2 Answers

gets is deprecated because it's unsafe, as what you already quoted, it may cause buffer overflow. For replacement, C11 provides an alternative gets_s with a signature like this:

char *gets_s(char *s, rsize_t n);

Note that C11 still recommends fgets to replace gets.

Whether to put gets in the standard was controversial in the first place, but the Committee decided that gets was useful when the programmer does have adequate control over the input.

Here's the official explanation by the Committee.

Rationale for International Standard - Programming Languages C §7.19.7.7 The gets function:

Because gets does not check for buffer overrun, it is generally unsafe to use when its input is not under the programmer’s control. This has caused some to question whether it should appear in the Standard at all. The Committee decided that gets was useful and convenient in those special circumstances when the programmer does have adequate control over the input, and as longstanding existing practice, it needed a standard specification. In general, however, the preferred function is fgets (see §7.19.7.2).

Yu Hao answered Sep 30 '22 18:09
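As an added example (not code from the question or either answer), here is the kind of replacement the answer points to: a bounded line reader built on fgets that gives back gets-style output (no trailing newline) and also handles the case fgets leaves to the caller, a line longer than the buffer, by draining the rest of the line and reporting the truncation instead of silently splitting it into two reads. The input is constructed in memory with tmpfile(); the function and enum names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for read_line_bounded(). */
enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Read one line from `in` into `buf` (capacity `size`): gets()-style
 * result (newline removed) with fgets()'s bound. If the line does not
 * fit, keep the first size-1 bytes, discard the remainder so the next
 * call starts on the next line, and report LINE_TRUNCATED. */
int read_line_bounded(char *buf, size_t size, FILE *in)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL) {
        if (size) buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';             /* drop the newline, as gets() did */
        return LINE_OK;
    }
    /* No newline in the buffer: either EOF without a trailing newline,
     * a line of exactly size-1 bytes, or a line that did not fit. */
    int c = fgetc(in);
    if (c == EOF || c == '\n') return LINE_OK;        /* nothing was lost */
    while (c != '\n' && c != EOF) c = fgetc(in);      /* discard the overflow */
    return LINE_TRUNCATED;
}

/* Constructed sample input: a short line, a 40-byte line that overflows
 * a 16-byte buffer, and a final line with no newline. */
FILE *sample_input(void)
{
    FILE *f = tmpfile();
    if (!f) return NULL;
    fputs("root\n", f);
    fputs("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", f);
    fputs("last", f);
    rewind(f);
    return f;
}

int main(void)
{
    char buf[16];
    FILE *f = sample_input();
    int st;
    while ((st = read_line_bounded(buf, sizeof buf, f)) != LINE_EOF)
        printf("%-9s \"%s\"\n", st == LINE_TRUNCATED ? "truncated" : "ok", buf);
    fclose(f);
    return 0;
}
```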


Now since I'm not willing to shell out money to download or buy the C11 standard, can anyone shed some light on the reason for deprecating gets and what it means for future code?

From the C committee in the C99 Rationale:

Because gets does not check for buffer overrun, it is generally unsafe to use when its input is not under the programmer’s control. This has caused some to question whether it should appear in the Standard at all. The Committee decided that gets was useful and convenient in those special circumstances when the programmer does have adequate control over the input, and as longstanding existing practice, it needed a standard specification. In general, however, the preferred function is fgets.

ouah answered Sep 30 '22 16:09