Preventing buffer overflow with gets()

JStew · 11-19-2002, 07:38 AM

Here is what I have going:

#include<stdio.h>
#include<stdlib.h>

int main()
{
char phrase[40];

printf("Please enter a phrase: ");
//scanf("%s", &phrase);

gets(phrase);

printf("\nThe phrase is: %s\n", phrase);

if (phrase[0] == 'h' && phrase[1] == 'e' && phrase[2] == 'l' && phrase[3] == 'l' &&
phrase[4] == 'o')

printf("The phrase is hello.\n");
else
printf("The phrase is not hello.\n");

return 0;
}

is there a way that I can add in some sort of error control with gets() in that if the user enters more characters than this array (phrase) allows that I can have them stop and enter the characters again? in other ways... is there a way to make gets() more intelligent?

Hko · 11-19-2002, 11:03 AM

Have you read the man page of "gets()" ?

"man gets" on my (Debian) system says:

Quote:

BUGS:
Never use gets(). Because it is impossible to tell with_
out knowing the data in advance how many characters gets()
will read, and because gets() will continue to store char_
acters past the end of the buffer, it is extremely danger_
ous to use. It has been used to break computer security.
Use fgets() instead.