Possible Duplicate:
Why is the `gets' function is dangerous? Why should not be used?

Just started a tutorial in socket programming. But I got this error after compiling with gcc. How do I overcome this "gets is dangerous" warning?

In function `main':
tcpserver.c:(.text+0x1f3): warning: the `gets' function is dangerous and should not be used.

This line of code was obtained from the internet (http://www.prasannatech.net/2008/07/socket-programming-tutorial.html):

    printf("\n  Your message (hit q or Q to quit): ");
    gets(send_data);
karikari
  • See [Why is the `gets' function is dangerous? Why should not be used?](http://stackoverflow.com/questions/1694036/why-is-the-gets-function-is-dangerous-why-should-not-be-used) – Matthew Flaschen Mar 22 '11 at 01:38
  • See also http://stackoverflow.com/questions/4023895/how-to-read-string-entered-by-user-in-c/4023921#4023921 – paxdiablo Mar 22 '11 at 01:58

2 Answers

gets() blindly writes data into the buffer you give it. It neither knows nor cares about the length of the buffer, making it a buffer overflow waiting to happen. If you can, use fgets() instead.

For (slightly) more on the dangers of gets, see the Linux gets/fgets manpage.

Michael Ratanapintha
  • POSIX's [`getline`](http://pubs.opengroup.org/onlinepubs/9699919799/functions/getline.html) is also a good alternative – Matthew Flaschen Mar 22 '11 at 01:39
  • @paxdiablo: Why did you change "`Gets`" to "It"? It seems a minor grammatical point at best. – Michael Ratanapintha Mar 22 '11 at 02:08
  • It was just incongruous - in languages where case matters, I have a hard time capitalising function names since a newbie may see that as authorising `Gets (buff);` for example, clearly an error. I usually write things like "The function `gets`" or (as in this case where there's only one subject) "It". Change it back if you disagree, it is your answer after all :-) I just thought it was better this way. – paxdiablo Mar 22 '11 at 02:13
  • You make good points, and I was just wondering anyway --- can't get angry enough to change it back, and too lazy anyway :P. I picked up my style in the book I learned Unix from, where sentences would start with "`Tar` format is by far the most popular format for software distribution..." Now that I think of it, I've never seen that style anywhere else... – Michael Ratanapintha Mar 22 '11 at 02:20
This is a dupe of a question asked previously on stackoverflow. Basically, gets() can be vulnerable to buffer overruns, so the compiler is suggesting you replace it with another method where you explicitly specify the maximum buffer length to read. This sort of warning is increasingly common in compilers to encourage folks to write code that is more secure (buffer overruns are a common source of security vulnerabilities).

Your tutorial code was presumably written before this guidance became common practice.

Andrew Brown
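Both answers recommend replacing gets() with a call that takes an explicit buffer size. The following is an added example (not code from the tutorial, the question, or either answer) showing fgets() used that way in C, including the case fgets() alone leaves silent: a line longer than the buffer is reported as truncated and the rest of it is drained, rather than being handed back as a partial line or left to pollute the next read. The input is constructed in memory with fmemopen() (POSIX) so the block runs without the tutorial's socket; read_line, count_truncated, last_line and SAMPLE_INPUT are names chosen for this example.

```c
/* Added example (not from the tutorial or either answer): reading a line
 * into a fixed-size buffer with fgets() instead of gets().  The input is
 * constructed in memory with fmemopen() (POSIX) so it runs without a
 * socket or terminal. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = 2 };

/* Read one line from `in` into `buf` (capacity `size` bytes, size >= 2).
 * fgets() writes at most size-1 characters plus the NUL terminator, so
 * the buffer cannot overflow no matter how long the line is.  The
 * trailing newline is stripped.  If the line did not fit, the rest of it
 * is drained so the next call starts on a fresh line, and LINE_TRUNCATED
 * is returned rather than silently handing back a partial line. */
enum line_status read_line(char *buf, size_t size, FILE *in)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL) {
        if (size > 0)
            buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline in the buffer: either the line was longer than the
     * buffer or the input ended without one.  Discard whatever is left
     * of the line; if anything was discarded, the caller's copy is partial. */
    int c, drained = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        drained = 1;
    return drained ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input: a short line, a line longer than the 16-byte
 * buffer used below, and a final "q" with no trailing newline (the quit
 * command from the tutorial's prompt). */
static const char SAMPLE_INPUT[] =
    "hello\n"
    "this line is far longer than sixteen bytes\n"
    "q";

static char g_last[16];  /* last line read, kept for inspection */

/* Run SAMPLE_INPUT through read_line() with a 16-byte buffer and return
 * how many lines had to be truncated (-1 if the stream cannot be opened). */
int count_truncated(void)
{
    char buf[16];
    FILE *in = fmemopen((void *)SAMPLE_INPUT, sizeof SAMPLE_INPUT - 1, "r");
    if (in == NULL)
        return -1;
    int truncated = 0;
    enum line_status st;
    while ((st = read_line(buf, sizeof buf, in)) != LINE_EOF) {
        if (st == LINE_TRUNCATED)
            truncated++;
        strcpy(g_last, buf);  /* both buffers are 16 bytes, so this fits */
    }
    fclose(in);
    return truncated;
}

const char *last_line(void) { return g_last; }

int main(void)
{
    int n = count_truncated();
    printf("truncated lines: %d, last line read: \"%s\"\n", n, last_line());
    return n < 0;
}
```

With the 16-byte buffer, the second sample line comes back as its first 15 characters and is flagged LINE_TRUNCATED; a server loop can then reject the message instead of acting on a clipped one. If a fixed upper bound is not acceptable, the getline() mentioned in the comments grows the buffer as needed, at the cost of letting the peer decide how much memory you allocate.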