fgets() in C


Post by mywikiwitwiki on Fri Nov 04, 2011 6:21 am

Hi, all! I am new to hackthissite.org and these forums, and I am not a hacker either. I know hackers are good people. I just want to know why the function fgets() in C is dangerous. I read that it has to do with the data being read having NULL characters. So if you guys could help me out and explain the potential exploits hackers can do with this function.

Thanks!
mywikiwitwiki


Re: fgets() in C

Post by mShred on Sat Nov 05, 2011 6:21 pm

From my understanding, the gets() function is what can easily be exploited since it doesn't know how large the string it's getting is. fgets() does. Now I'm sure there are ways that fgets() can be dangerous if your code is unstable or vulnerable.
Anyway, correct me if I'm wrong. I'm not 100% on this.

For those about to rock.


Re: fgets() in C

Post by centip3de on Mon Nov 07, 2011 3:25 pm

This: http://faq.cprogramming.com/cgi-bin/sma ... 1043284351

I think you're confused... "fgets()" is the safer version of "gets()".

"gets()" is a function to get input, that supposes the user will only enter so many characters. For instance;

Code:
char buf[10];
gets(buf);


"gets()" will assume that you're going to only get 9 characters (you have to include the "\0"), but if you get more, it will still write to the array. This causes it to flip the fuck out and, if you're lucky, cause a segmentation fault. If you aren't lucky, you'll be vulnerable to a buffer-overflow exploit, which can seriously fuck up your entire program.

"fgets()" on the other hand, requires you to pass the number of characters that you're going to accept, and will stop accepting chars after that. For instance;

Code:
char buf[10];
fgets(buf, 10);


It _will_ stop accepting chars at the NULL terminated char ("\n", or "\0"), so it is no longer vulnerable to a buffer overflow attack.

This really could have just been solved with a simple Google search... But I'm in a good mood.
Last edited by centip3de on Tue Nov 08, 2011 2:29 pm, edited 1 time in total.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook


Re: fgets() in C

Post by tucak on Tue Nov 08, 2011 1:03 pm

centip3de wrote:This: http://faq.cprogramming.com/cgi-bin/sma ... 1043284351

I think you're confused... "fgets()" is the safer version of "gets()".

"gets()" is a function to get input, that supposes the user will only enter so many characters. For instance;

Code:
char buf[10];
gets(buf);


"gets()" will assume that you're going to only get 9 characters (you have to include the "\0"), but if you get more, it will still write to the array. This causes it to flip the fuck out and, if you're lucky, cause a segmentation fault. If you aren't lucky, you'll be vulnerable to a buffer-overflow exploit, which can seriously fuck up your entire program.

"fgets()" on the other hand, requires you to pass the number of characters that you're going to accept, and will stop accepting chars after that. For instance;

Code:
char buf[10];
fgets(buf);


It _will_ stop accepting chars at the NULL terminated char ("\n", or "\0"), so it is no longer vulnerable to a buffer overflow attack.

This really could have just been solved with a simple Google search... But I'm in a good mood.


Actually, fgets is to read from files, so your code should be something like this:
Code:
char buf[10];
FILE * fp;
fgets(buf,10,fp);

Also, both do stop at newline ("\n") and null ("\0") characters, but fgets will stop when it reaches the character limit, so the user cannot input strings that are too long and overwrite parts of the memory.


Re: fgets() in C

Post by centip3de on Tue Nov 08, 2011 2:34 pm

tucak wrote:Actually, fgets is to read from files, so your code should be something like this:
Code:
char buf[10];
FILE * fp;
fgets(buf,10,fp);

Also, both do stop at newline ("\n") and null ("\0") characters, but fgets will stop when it reaches the character limit, so the user cannot input strings that are too long and overwrite parts of the memory.


fgets can be used to read from files, but it can also be used to read in from standard input by using the following code:

Code:
char buf[10];
fgets(buf, 10, stdin);


And while both do stop at a NULL, or newline character, only fgets accepts the newline character as a valid character, and will include it.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
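
Added example, not code from any poster in this thread: a bounded line reader built on fgets(buf, size, stdin)-style calls, covering the two places where fgets() still needs care, namely a line longer than the buffer and the original question's case of NUL bytes in the input. The names read_line, make_sample and line_status are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Read one line into buf (size bytes) with fgets(); never writes past buf. */
enum line_status read_line(FILE *fp, char *buf, size_t size)
{
    int c, dropped = 0;
    char *nl;
    memset(buf, 0, size);          /* any '\n' found below is from this read */
    if (fgets(buf, (int)size, fp) == NULL)
        return LINE_EOF;
    /* memchr, not strlen: fgets() stores NUL bytes from the input as data,
       so strlen(buf) can be 0 and buf[strlen(buf) - 1] would be buf[-1]. */
    nl = memchr(buf, '\n', size);
    if (nl != NULL) {
        *nl = '\0';
        return LINE_OK;
    }
    /* No newline stored: discard the rest of the line so the next call
       does not return the leftover tail as if it were a new line. */
    while ((c = fgetc(fp)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample: short line, over-long line, NUL-led line, normal line. */
FILE *make_sample(void)
{
    static const char data[] = "short\n" "this line is far too long\n"
                               "\0abc\n" "next\n";
    FILE *fp = tmpfile();
    if (fp != NULL && fwrite(data, 1, sizeof data - 1, fp) == sizeof data - 1)
        rewind(fp);
    return fp;
}

int main(void)
{
    char buf[10];                  /* same size as the buffer in the thread */
    enum line_status st;
    FILE *fp = make_sample();
    while (fp && (st = read_line(fp, buf, sizeof buf)) != LINE_EOF)
        printf("status=%d len=%zu \"%s\"\n", (int)st, strlen(buf), buf);
    return fp ? fclose(fp) : 1;
}
```
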