+ 3

taking input through gets()

https://code.sololearn.com/cD0NoyB1C4rQ it's showing error

20th Dec 2021, 2:11 PM
Atulya Vaibhav Pandey
Atulya Vaibhav Pandey - avatar
8 Answers
+ 2
Atulya Vaibhav Pandey simplest answer: Don't use gets(). Use fgets(). Make an effort to learn why by understanding all the other answers.
21st Dec 2021, 4:06 PM
Brian
Brian - avatar
+ 5
Not really. It's showing a warning that advise you to use fgets instead of gets because gets is a dangerous function. Your code shouldn't run if it was a error.
20th Dec 2021, 2:17 PM
Anya
Anya - avatar
+ 3
Some additional notes gets() is dangerous, user can overload the buffer. How will you ensure users don't enter more than 99 chars? Why 99 instead of 100 like you set?
20th Dec 2021, 2:22 PM
William Owens
William Owens - avatar
+ 2
Brian Thanks for the catch on the pointer. Removed to not create confusion.
21st Dec 2021, 11:51 PM
William Owens
William Owens - avatar
+ 1
I still couldn't understand, can anyone simplify it further
21st Dec 2021, 2:19 PM
Atulya Vaibhav Pandey
Atulya Vaibhav Pandey - avatar
+ 1
The function gets is vulnerable to a simple bufferoverflow exploitation on the stack. If you use gets to supply input to a variable allocated with n bytes of memory, you can induce a segmentation fault by supplying n+1 bytes of memory. Thus overflowing bytes of memory allocated on the stack, to other memory addresses. A skilled attacker (h@xx0r br0 or l33t b0i) can then exploit vulnerability by supplying just enough bytes to overwrite return memory address and execute a different program potentially with escalated privileges.
22nd Dec 2021, 2:24 AM
Nomad
0
William Owens I like your second comment regarding potential of input to go out of bounds. Your first comment though does not apply in this instance. Here is why: The code defines a as a char array. char a[100]; Using the syntax of gets(a); is equivalent to: gets(&a[0]); Using only a (without brackets) means it is passed as a (char *), that is a pointer to the first location, not as a (char) the way you stated.
21st Dec 2021, 6:14 AM
Brian
Brian - avatar