[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: SV: [CPROG] Funktionen gets()



In <sslug@sslug> Christian Hemdrup <sslug@sslug> writes:

>ANG.: CPROG funk. GETS()

>Så vidt jeg erindrer (MED STORE FORBEHOLD) er gets en rutine i DOS
>som laver direkte BIOS kald (bios intterrupt 16 subfunk 2 (reg: AX =
>1602H)).

Du husker forkert. gets() er en standard C funktion, der indlæser en 
streng fra stdin til en variabel.

>Martin Gausby wrote:
>> Hvad er der farligt ved Gets(), og er der alternativer?

Det farlige ved gets() er, at der ikke er nogen længde-kontrol på
det input, der havner i strengen. D.v.s. i dette program

   #include <stdio.h>
   int main(int argc, char *argv[])
   {
      char buf[100];

      gets(buf);
      printf("Du skrev: %s\n", buf);
      return 0;
   }

vil det være trivielt for en angriber at lave et buffer overflow ved
at taste mere end 100 tegn ind som input. gets() vil så overskrive
dele af stakken, hvilket er den klassiske opskrift på et "stack-smashing
buffer overflow".

Alternativ ? Brug fgets() i stedet:

   #include <stdio.h>
   int main(int argc, char *argv[])
   {
      char buf[100];

      fgets(buf, sizeof(buf), stdin);
      printf("Du skrev: %s\n", buf);
      return 0;
   }

Se "man fgets" hvis du vil vide mere - især afsnittet "BUGS" til
sidst.
-- 
Henrik Storner      | "Crackers thrive on code secrecy. Cockcroaches breed 
<sslug@sslug> |  in the dark. It's time to let the sunlight in."
                    |  
                    |          Eric S. Raymond, re. the Frontpage backdoor


 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 20:08 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *