得到（） - 危险？ [英] gets() - dangerous?

问题描述

嗨


每当我使用gets（）函数时，gnu c编译器会发出

警告，使用gets（）是危险的。这是由于阵列溢出的可能性吗？通过给gets（）提供一些特定的计算输入，可以改变程序流程是否正确？b $ b是否正确？一旦生成可执行二进制文件，任何人都可以这样做吗？我听说很多安全问题和其他错误都是由于

阵列溢出造成的。


期待你的回复。

Lee

Hi

Whenever I use the gets() function, the gnu c compiler gives a
warning that it is dangerous to use gets(). Is this due to the
possibility of array overflow? Is it correct that the program flow can
be altered by giving some specific calculated inputs to gets()? How
could anyone do so once the executable binary have been generated? I
have heard many of the security problems and other bugs are due to
array overflows.

Looking forward to your replies.
Lee

推荐答案

2005年12月23日20:29:01 -0800，Lee ; <乐**** @ gmail.com>写在

comp.lang.c：

On 23 Dec 2005 20:29:01 -0800, "Lee" <le****@gmail.com> wrote in
comp.lang.c:

嗨

每当我使用gets（）函数时，gnu c编译器发出
警告，使用gets（）是危险的。这是由于阵列溢出的可能性吗？通过给gets（）提供一些特定的计算输入，可以改变程序流程是否正确？一旦生成可执行二进制文件，任何人都可以这样做吗？我听说过很多安全问题和其他错误都是由于阵列溢出造成的。

期待你的回复。
Lee

Hi

Whenever I use the gets() function, the gnu c compiler gives a
warning that it is dangerous to use gets(). Is this due to the
possibility of array overflow? Is it correct that the program flow can
be altered by giving some specific calculated inputs to gets()? How
could anyone do so once the executable binary have been generated? I
have heard many of the security problems and other bugs are due to
array overflows.

Looking forward to your replies.
Lee

解决方案很简单：不要使用gets（）。永远不会。至于如果你使用gets（）并且输入的数量大于目标空间的b / b
会发生什么，C语言不知道或不关心。至于

这个未定义的行为如何被具有

恶意意图的人利用，这也不是语言问题。


你的编译器的作者，非常正确和负责任地将它自己带到

，警告你不要使用gets（）。为什么

你还在使用它？


-

Jack Klein

主页：< a rel =nofollowhref =http://JK-Technology.Comtarget =_ blank> http://JK-Technology.Com


comp.lang.c http： //www.eskimo.com/~scs/C-faq/top.html

comp.lang.c ++ http://www.parashift.com/c++-faq-lite/

alt.comp。 lang.learn.c-c ++
http://www.contrib.andrew.cmu.edu/~a...FAQ-acllc.html

The solution is simple: don''t use gets(). Not ever. As to what
happens if you do use gets() and the quantity of input is greater than
the destination space, the C language does not know or care. As to
how this undefined behavior might be exploited by someone with
malicious intent, that too is not a language issue.

The authors of your compiler, quite properly and responsibly, take it
upon themselves to warn you that you should not use gets(). Why are
you still using it?

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++
http://www.contrib.andrew.cmu.edu/~a...FAQ-acllc.html

2005年12月23日20 ：29：01-0800，Lee <乐**** @ gmail.com>写道：

On 23 Dec 2005 20:29:01 -0800, "Lee" <le****@gmail.com> wrote:

嗨

每当我使用gets（）函数时，gnu c编译器会发出
警告，表明使用gets会很危险（）。这是由于阵列溢出的可能性吗？是不是正确的程序流可以


是

通过给gets（）提供一些特定的计算输入来改变？如何


是

一旦生成可执行二进制文件，任何人都可以这样做吗？我已经听说过许多安全问题和其他错误是由于阵列溢出造成的。

期待您的回复。

Hi

Whenever I use the gets() function, the gnu c compiler gives a
warning that it is dangerous to use gets(). Is this due to the
possibility of array overflow? Is it correct that the program flow can
Yes
be altered by giving some specific calculated inputs to gets()? How
Yes
could anyone do so once the executable binary have been generated? I
have heard many of the security problems and other bugs are due to
array overflows.

Looking forward to your replies.

不要屏住呼吸。缓冲区溢出不是交流语言主题。

<<删除电子邮件的del>>

Don''t hold your breath. Buffer overflow is not a c language topic.
<<Remove the del for email>>

Barry Schwarz写道：

Barry Schwarz wrote:

不要屏住呼吸。缓冲区溢出不是交流语言主题。

Don''t hold your breath. Buffer overflow is not a c language topic.

但在其他地方有详细记载：
http://en.wikipedia.org/wiki/Buffer_overflow

But is well documented elsewhere:
http://en.wikipedia.org/wiki/Buffer_overflow

这篇关于得到（） - 危险？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！