Diffstat (limited to 'lib/libc/stdio/fgets.3')
-rw-r--r--  lib/libc/stdio/fgets.3  18
1 file changed, 5 insertions, 13 deletions
diff --git a/lib/libc/stdio/fgets.3 b/lib/libc/stdio/fgets.3 index 9c3ecea3..511d118 100644 --- a/lib/libc/stdio/fgets.3 +++ b/lib/libc/stdio/fgets.3 @@ -137,9 +137,14 @@ The .Fn gets function cannot be used securely. Because of its lack of bounds checking, +and the inability for the calling program +to reliably determine the length of the next incoming line, the use of this function enables malicious users to arbitrarily change a running program's functionality through a buffer overflow attack. +It is strongly suggested that the +.Fn fgets +function be used in all cases. (See the FSA.) .Sh SEE ALSO @@ -157,16 +162,3 @@ and .Fn gets conform to .St -isoC . -.Sh BUGS -Since it is usually impossible to ensure that the next input line -is less than some arbitrary length, and because overflowing the -input buffer is almost invariably a security violation, programs -should -.Em NEVER -use -.Fn gets . -The -.Fn gets -function -exists purely to conform to -.St -isoC . |
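Review bot: In the first hunk, the added clause "and the inability for the calling program to reliably determine the length of the next incoming line" reads awkwardly; "and the calling program's inability to reliably determine the length of the next incoming line" is the idiomatic form. The new recommendation "It is strongly suggested that the .Fn fgets function be used in all cases." is also inserted between "buffer overflow attack." and "(See the FSA.)", so the FSA reference now dangles after the fgets advice rather than after the overflow statement it qualified; either move the recommendation after "(See the FSA.)" or attach the reference to the sentence it belongs to.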
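Review bot: The second hunk removes the BUGS section wholesale, which loses two things the first hunk does not carry over: the unconditional guidance "programs should .Em NEVER use .Fn gets" is replaced by the weaker "strongly suggested", and the sentence "The .Fn gets function exists purely to conform to .St -isoC" is dropped entirely, so the page no longer explains why an unusable function is still present. Suggest keeping the imperative wording in the description and retaining the "exists purely to conform to .St -isoC" sentence there, rather than deleting the rationale along with the section.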