
fgets() in C

Posted: Fri Nov 04, 2011 6:21 am
by mywikiwitwiki
Hi, all! I am new to hackthissite.org and these forums, and I am not a hacker either. I know hackers are good people. I just want to know why the function fgets() in C is dangerous. I read that it has to do with the data being read having NULL characters. So if you guys could help me out and explain the potential exploits hackers can do with this function.

Thanks!

Re: fgets() in C

Posted: Sat Nov 05, 2011 6:21 pm
by mShred
From my understanding, the gets() function is what can easily be exploited since it doesn't know how large the string it's getting is. fgets() does. Now I'm sure there are ways that fgets() can be dangerous if your code is unstable or vulnerable.
Anyway, correct me if I'm wrong. I'm not 100% on this.

Re: fgets() in C

Posted: Mon Nov 07, 2011 3:25 pm
by centip3de
This: http://faq.cprogramming.com/cgi-bin/sma ... 1043284351

I think you're confused... "fgets()" is the safer version of "gets()".

"gets()" is a function to get input that supposes the user will only enter so many characters. For instance:

Code:
char buf[10];
gets(buf);


"gets()" will assume that you're going to only get 9 characters (you have to include the "\0"), but if you get more, it will still write to the array. This causes it to flip the fuck out and, if you're lucky, cause a segmentation fault. If you aren't lucky, you'll be vulnerable to a buffer-overflow exploit, which can seriously fuck up your entire program.

"fgets()", on the other hand, requires you to pass the number of characters that you're going to accept, and will stop accepting chars after that. For instance:

Code:
char buf[10];
fgets(buf, 10);


It _will_ stop accepting chars at the NULL terminated char ("\n", or "\0"), so it is no longer vulnerable to a buffer overflow attack.

This really could have just been solved with a simple Google search... But I'm in a good mood.

Re: fgets() in C

Posted: Tue Nov 08, 2011 1:03 pm
by tucak
centip3de wrote: This: http://faq.cprogramming.com/cgi-bin/sma ... 1043284351

I think you're confused... "fgets()" is the safer version of "gets()".

"gets()" is a function to get input that supposes the user will only enter so many characters. For instance:

Code:
char buf[10];
gets(buf);


"gets()" will assume that you're going to only get 9 characters (you have to include the "\0"), but if you get more, it will still write to the array. This causes it to flip the fuck out and, if you're lucky, cause a segmentation fault. If you aren't lucky, you'll be vulnerable to a buffer-overflow exploit, which can seriously fuck up your entire program.

"fgets()", on the other hand, requires you to pass the number of characters that you're going to accept, and will stop accepting chars after that. For instance:

Code:
char buf[10];
fgets(buf);


It _will_ stop accepting chars at the NULL terminated char ("\n", or "\0"), so it is no longer vulnerable to a buffer overflow attack.

This really could have just been solved with a simple Google search... But I'm in a good mood.


Actually, fgets is to read from files, so your code should be something like this:
Code:
char buf[10];
FILE * fp;
fgets(buf,10,fp);

Also, both do stop at newline ("\n") and null ("\0") characters, but fgets will stop when it reaches the character limit, so the user cannot input strings that are too long and overwrite parts of the memory.

Re: fgets() in C

Posted: Tue Nov 08, 2011 2:34 pm
by centip3de
tucak wrote: Actually, fgets is to read from files, so your code should be something like this:
Code:
char buf[10];
FILE * fp;
fgets(buf,10,fp);

Also, both do stop at newline ("\n") and null ("\0") characters, but fgets will stop when it reaches the character limit, so the user cannot input strings that are too long and overwrite parts of the memory.


fgets can be used to read from files, but it can also be used to read in from standard input by using the following code:

Code:
char buf[10];
fgets(buf, 10, stdin);


And while both do stop at a NULL or newline character, only fgets accepts the newline character as a valid character, and will include it.
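
Added example, not part of any post in this thread: a bounded line reader built on the fgets(buf, size, stream) call discussed above, showing the two things callers usually have to handle afterwards, the stored newline and input longer than the buffer. The names read_line and LINE_* are hypothetical, and the input is assumed to be text with no embedded '\0' bytes.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for read_line() (hypothetical helper, not from the thread). */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Read one line into buf (capacity cap) with fgets().
 * fgets() stores at most cap-1 characters plus the terminating '\0', and it
 * keeps the '\n' when the newline fits. A missing '\n' therefore means the
 * line was longer than the buffer, or the input ended without a newline.
 * Assumption: text input. An embedded '\0' byte would hide the rest of the
 * line from strcspn(), because fgets() does not report a byte count. */
int read_line(FILE *fp, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, fp) == NULL)
        return LINE_EOF;

    size_t len = strcspn(buf, "\n");   /* index of '\n' or of the terminator */
    if (buf[len] == '\n') {
        buf[len] = '\0';               /* whole line fit: strip the newline */
        return LINE_OK;
    }

    /* No newline stored: discard the remainder of the over-long line so the
     * next call starts on a fresh line instead of on the leftovers. */
    int c, dropped = 0;
    while ((c = fgetc(fp)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    char buf[10];                      /* same size as the buffers in the thread */
    int rc;

    while ((rc = read_line(stdin, buf, sizeof buf)) != LINE_EOF)
        printf("%s%s\n", buf, rc == LINE_TRUNCATED ? " [truncated]" : "");
    return 0;
}
```

Without the drain loop, the tail of an over-long line would be returned by the next call as if it were a new line of input.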