From 55675dea84392d2453e33d92b02967552db65963 Mon Sep 17 00:00:00 2001 From: chris Date: Sun, 6 Jan 2002 21:48:37 +0000 Subject: All information from the "BUGS" section not belonging in "SECURITY CONSIDERATIONS" moved to "COMPATIBILITY". Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs --- lib/libc/stdio/fgets.3 | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) (limited to 'lib/libc/stdio/fgets.3') diff --git a/lib/libc/stdio/fgets.3 b/lib/libc/stdio/fgets.3 index 9c3ecea3..511d118 100644 --- a/lib/libc/stdio/fgets.3 +++ b/lib/libc/stdio/fgets.3 @@ -137,9 +137,14 @@ The .Fn gets function cannot be used securely. Because of its lack of bounds checking, +and the inability for the calling program +to reliably determine the length of the next incoming line, the use of this function enables malicious users to arbitrarily change a running program's functionality through a buffer overflow attack. +It is strongly suggested that the +.Fn fgets +function be used in all cases. (See the FSA.) .Sh SEE ALSO @@ -157,16 +162,3 @@ and .Fn gets conform to .St -isoC . -.Sh BUGS -Since it is usually impossible to ensure that the next input line -is less than some arbitrary length, and because overflowing the -input buffer is almost invariably a security violation, programs -should -.Em NEVER -use -.Fn gets . -The -.Fn gets -function -exists purely to conform to -.St -isoC . -- cgit v1.1
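Review bot: In the first hunk, the added clause "the inability for the calling program to reliably determine the length of the next incoming line" reads awkwardly; "the inability of the calling program to determine the length of the next incoming line" is clearer. The new "It is strongly suggested that the .Fn fgets function be used in all cases." sentence is also inserted between the buffer-overflow sentence and "(See the FSA.)", which leaves that parenthetical reference without a clear antecedent; consider placing the fgets recommendation after "(See the FSA.)" so the reference still follows the attack description it supports.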
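Review bot: The second hunk deletes the whole BUGS section, but the commit subject says the non-security information was moved to COMPATIBILITY, and no `+` line in this diff adds a COMPATIBILITY section or the statement that gets "exists purely to conform to .St -isoC"; within this file that text is simply removed. Either the COMPATIBILITY addition is missing from the change or the message overstates it; if the intent is to keep that information, add it as a short sentence in the STANDARDS section that the hunk's context lines already show, e.g. after ".St -isoC ." add "The .Fn gets function is retained only for conformance to that standard."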