zlynx | 4 years ago

I like to nitpick and point out gets() can be used safely, as a stunt.

Memory map a read/write page and after that memory map a no-permissions guard page. Now you can safely use gets() to read a page size string without allowing a buffer overflow.

kevincox | 4 years ago

Does gets() guarantee that it will write its output in order? If not, it could in theory write after your guard page before touching the guard page itself. Of course I don't know if either the kernel or glibc would ever do this.

I think the only safe way to use gets() is with trusted input.

Arnavion | 4 years ago

Why does the order matter? It'll only write to the guard page if the input string is long enough to necessitate it, in which case it was going to fault anyway regardless of which page it touched first.

Edit: I guess you're considering "used safely" to include reading a truncated string, in which case writing in order would allow the program to be written such that it recovers from the fault and reads the valid page-worth of string.

gpm | 4 years ago

Or if you own both sides of stdin...

Denvercoder9 | 4 years ago

If we're nitpicking, doesn't this technically not still allow a buffer overflow, just negate the consequences of it?
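
The guard-page layout discussed in this thread, as an added example that is not part of any comment above: a read/write page followed by a PROT_NONE page, with an unchecked write run in a child process so the parent can observe the outcome. `unbounded_fill` is a constructed stand-in for gets() that is assumed to write in ascending address order, which is exactly the property questioned in the thread; all function names are hypothetical.

```c
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS */
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* One read/write page immediately followed by a no-permissions guard page. */
static char *map_guarded_page(size_t page) {
    char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    if (mprotect(base + page, page, PROT_NONE) != 0) return NULL;
    return base;
}

/* Constructed stand-in for gets(): stores n characters plus a NUL with no
   bounds check, strictly in ascending address order (an assumption; the
   thread notes gets() itself is not known to promise any write order). */
static void unbounded_fill(char *dst, size_t n) {
    volatile char *d = dst;
    for (size_t i = 0; i < n; i++) d[i] = 'A';
    d[n] = '\0';
}

/* Runs the unchecked write in a child process. Returns 0 if the input fit in
   the page, the fatal signal number if the guard page stopped the write,
   and -1 on setup failure. */
int guarded_write_outcome(size_t n) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *buf = map_guarded_page((size_t)sysconf(_SC_PAGESIZE));
        if (buf == NULL) _exit(2);
        unbounded_fill(buf, n);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    printf("page-1 chars: %d\n", guarded_write_outcome(page - 1));
    printf("page chars:   %d (SIGSEGV is %d)\n", guarded_write_outcome(page), SIGSEGV);
    return 0;
}
```

The out-of-bounds store still happens in the second case; the guard page only turns it into a fault instead of silent corruption of adjacent memory.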