jack/website
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update cheri article

Browse Source
This commit is contained in:
Jack Bond-Preston 2023-01-05 19:55:43 +00:00
parent 9cf1751767
commit f5e9c84fdc
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_posts/cheri/2022-11-19-cheri.md
View File

@ -48,7 +48,7 @@ that's not supposed to happen! his name has spilled over into our `my_perfect_st
`fgets()` fills up `user_name`, but it hasn't finished with the name yet! it doesn't care (or know) that `user_name` is full, it's just going to keep going until it finishes our user input, or reads 999 characters from standard input. thus it keeps mindlessly writing, overwriting the section memory we've used to store our precious perfect string (which happens to be immediately after `user_name`). `fgets()` fills up `user_name`, but it hasn't finished with the name yet! it doesn't care (or know) that `user_name` is full, it's just going to keep going until it finishes our user input, or reads 999 characters from standard input. thus it keeps mindlessly writing, overwriting the section memory we've used to store our precious perfect string (which happens to be immediately after `user_name`).
`fgets()` has a cousin, `gets(char *s)`, which is particularly poor with regards to memory safety, [and has largely been moved away from in modern C](https://linux.die.net/man/3/fgets): ***note:*** `fgets()` has a cousin, `gets(char *s)`, which is particularly poor with regards to memory safety (due to lack of `size` parameter), [and has largely been moved away from in modern C](https://linux.die.net/man/3/fgets):
> LSB deprecates `gets()`. POSIX.1-2008 marks `gets()` obsolescent. ISO C11 removes the specification of `gets()` from the C language, and since version 2.16, glibc header files don't expose the function declaration if the `_ISOC11_SOURCE` feature test macro is defined. > LSB deprecates `gets()`. POSIX.1-2008 marks `gets()` obsolescent. ISO C11 removes the specification of `gets()` from the C language, and since version 2.16, glibc header files don't expose the function declaration if the `_ISOC11_SOURCE` feature test macro is defined.
let's take a look at the stack in GDB to see how this happens: let's take a look at the stack in GDB to see how this happens: