Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/lib/libc

On Thu, Mar 01, 2012 at 05:07:32PM +0100, Joerg Sonnenberger wrote:
> My strong dislike of *_s from C11 is not relevant. Those functions are
> not part of the core standard, but an (optional) annex.

gets() is pretty bad for anything that is system or suid.
For a normal user app it doesn't matter that much.
Invalid input genetates a core dump and/or corrupted user data.
For a test program it doesn't really matter that much.

Of course, you could have a in another directory that
contains things like gets() and other deprecated stuff and a
.NEEDED entry for the real libc - and use that to compile/run
old binaries.
Oh - except they've broken that feature of the linker.

My objection to the *_s() forms is that they are not really
inherently more 'secure' than the older functions.
They just include some of the checks the coder should have done.
So are just variants of the old function not 'secure' versions.

Microsoft's exception-throwing functions are even worse!
(Mind you Microsoft's _snprintf() is particulary borked.)


David Laight:

Home | Main Index | Thread Index | Old Index