Re: CVS commit: src/lib/libc

To: Alan Barrett <apb%cequrux.com@localhost>
Subject: Re: CVS commit: src/lib/libc
From: David Laight <david%l8s.co.uk@localhost>
Date: Sun, 4 Mar 2012 22:29:38 +0000

On Sun, Mar 04, 2012 at 10:38:19PM +0200, Alan Barrett wrote:
> On Sun, 04 Mar 2012, David Laight wrote:
> >I wonder it it would be worth adding a function that is like 
> >gets, but takes a buffer length (ie discards the \n - and maybe 
> >the rest of the line).
> 
> C2011 has char *gets_s(char *s, rsize_t n);
> 
> It discards the \n, but does not discard the rest of the line, so 
> you can't tell the difference between a line that was exactly the 
> maximum length (followed by a \n which is discarded) or a line 
> that was too long.  fgets() can tell the difference, however.

Not checking that allowed users to get root privs.
IIRC it was very long fields in the password file causing
an entry to be split.
(fixed long long ago)
So that '_s' form isn't 'secure' (or whatever _s is supposed to mean).

        David

-- 
David Laight: david%l8s.co.uk@localhost

References:
- Re: CVS commit: src/lib/libc
  - From: Izumi Tsutsui
- Re: CVS commit: src/lib/libc
  - From: Warner Losh
- Re: CVS commit: src/lib/libc
  - From: David Holland
- Re: CVS commit: src/lib/libc
  - From: Warner Losh
- Re: CVS commit: src/lib/libc
  - From: David Laight
- Re: CVS commit: src/lib/libc
  - From: Alan Barrett

Prev by Date: Re: CVS commit: src/lib/libc
Next by Date: Re: CVS commit: src/lib/libc
Previous by Thread: Re: CVS commit: src/lib/libc
Next by Thread: Re: CVS commit: src/lib/libc
Indexes:

Home | Main Index | Thread Index | Old Index