stdio/fgets.3 Libc-262 Libc-583
--- Libc/Libc-262/stdio/fgets.3
+++ Libc/Libc-583/stdio/fgets.3
@@ -34,7 +34,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)fgets.3	8.1 (Berkeley) 6/4/93
-.\" $FreeBSD: src/lib/libc/stdio/fgets.3,v 1.12 2001/10/01 16:08:59 ru Exp $
+.\" $FreeBSD: src/lib/libc/stdio/fgets.3,v 1.19 2002/12/04 18:57:45 ru Exp $
 .\"
 .Dd June 4, 1993
 .Dt FGETS 3
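Review bot: `.Dd June 4, 1993` stays as unchanged context while the $FreeBSD$ tag above it moves to 2002/12/04, and later hunks in this same patch add a SECURITY CONSIDERATIONS section. Suggest bumping the .Dd date so a reader of the rendered page can tell its content has changed since 1993.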
@@ -48,19 +48,19 @@
 .Sh SYNOPSIS
 .In stdio.h
 .Ft char *
-.Fn fgets "char *str" "int size" "FILE *stream"
+.Fn fgets "char *restrict s" "int n" "FILE *restrict stream"
 .Ft char *
-.Fn gets "char *str"
+.Fn gets "char *s"
 .Sh DESCRIPTION
 The
 .Fn fgets
 function
 reads at most one less than the number of characters specified by
-.Fa size
+.Fa n
 from the given
 .Fa stream
 and stores them in the string
-.Fa str .
+.Fa s .
 Reading stops when a newline character is found,
 at end-of-file or error.
 The newline, if any, is retained.
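Review bot: renaming `size` to `n` at `.Fn fgets` and `.Fa n` drops the only hint in this text that the argument is the size of the buffer. The description still says only "at most one less than the number of characters specified by n". Suggest saying explicitly that n is the size, in bytes, of the buffer pointed to by s, so callers do not pass a line-length estimate instead.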
@@ -74,11 +74,11 @@
 is equivalent to
 .Fn fgets
 with an infinite
-.Fa size
+.Fa n
 and a
 .Fa stream
 of
-.Em stdin ,
+.Dv stdin ,
 except that the newline character (if any) is not stored in the string.
 It is the caller's responsibility to ensure that the input line,
 if any, is sufficiently short to fit in the string.
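Review bot: the unchanged context sentence "It is the caller's responsibility to ensure that the input line, if any, is sufficiently short to fit in the string" now sits in a page whose new SECURITY CONSIDERATIONS section says the caller cannot reliably determine the length of the next line. Suggest rewording this sentence in the same patch, for example to say that the caller has no way to ensure this, so the two sections do not contradict each other.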
@@ -92,17 +92,17 @@
 If end-of-file occurs before any characters are read,
 they return
 .Dv NULL
-and the buffer contents is unchanged.
+and the buffer contents remain unchanged.
 If an error occurs,
 they return
 .Dv NULL
-and the buffer contents is indeterminate.
+and the buffer contents are indeterminate.
 The
 .Fn fgets
 and
 .Fn gets
 functions
-do not distinguish between end-of-file and error, and callers must use
+do not distinguish between end-of-file and error; callers must use
 .Xr feof 3
 and
 .Xr ferror 3
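Review bot: at "the buffer contents are indeterminate" the grammar fix is fine, but the text still does not tell the caller what to do with that buffer. Suggest adding that s must not be treated as a string after a NULL return caused by an error, since nothing here guarantees it is terminated.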
@@ -132,27 +132,30 @@
 .Va errno
 for any of the errors specified for the routine
 .Xr getchar 3 .
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn gets
+function cannot be used securely.
+Because of its lack of bounds checking,
+and the inability for the calling program
+to reliably determine the length of the next incoming line,
+the use of this function enables malicious users
+to arbitrarily change a running program's functionality through
+a buffer overflow attack.
+It is strongly suggested that the
+.Fn fgets
+function be used in all cases.
+(See
+the FSA.)
 .Sh SEE ALSO
 .Xr feof 3 ,
 .Xr ferror 3 ,
-.Xr fgetln 3
+.Xr fgetln 3 ,
+.Xr fgetws 3
 .Sh STANDARDS
 The functions
 .Fn fgets
 and
 .Fn gets
 conform to
-.St -isoC .
-.Sh BUGS
-Since it is usually impossible to ensure that the next input line
-is less than some arbitrary length, and because overflowing the
-input buffer is almost invariably a security violation, programs
-should
-.Em NEVER
-use
-.Fn gets .
-The
-.Fn gets
-function
-exists purely to conform to
-.St -isoC .
+.St -isoC-99 .
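Review bot: "(See the FSA.)" at the end of the new SECURITY CONSIDERATIONS section is a dangling reference. "FSA" is not expanded anywhere in the visible text, and there is no .Xr or other pointer to follow. Suggest spelling it out with a proper cross-reference or dropping the parenthetical. Two related points in the same hunk: the removed BUGS text said programs should NEVER use gets, while the replacement only "strongly suggests" fgets, which reads as a weaker recommendation. The advice to use fgets "in all cases" should also mention that fgets retains the newline and gets does not, since a caller doing a straight substitution has to strip it.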