Attachment #198620 for bug #222796




int fputs(const char* restrict s, FILE* restrict stream);
int getc(FILE* stream);
int getchar(void);
char* gets(char* s);  // removed in C++14
int putc(int c, FILE* stream);
int putchar(int c);
int puts(const char* s);


#ifndef _LIBCPP_HAS_NO_STDIN
using ::getchar;
#if _LIBCPP_STD_VER <= 11 && !defined(_LIBCPP_MSVCRT)
using ::gets;
#endif
using ::scanf;
using ::vscanf;
#endif





#include <stdio.h>

#ifdef __FreeBSD__
/*
 * We want to test the gets() implementation, but cannot simply link against
 * the gets symbol because it is not in the default version. (We've made it
 * unavailable by default on FreeBSD because it should not be used.)
 *
 * This is a workaround to access gets@FBSD_1.0.
 */
char *unsafe_gets(char *);
char *gets(char *buf)
{
	return unsafe_gets(buf);
}
__sym_compat(gets, unsafe_gets, FBSD_1.0);
#endif

int
main(int argc, char *argv[])
{

Lines 17-23 LIB= ssp Link Here

(-)b/gnu/lib/libssp/Makefile (-1 / +1 lines)
17	SHLIB_MAJOR= 0	17	SHLIB_MAJOR= 0
18	LD_FATAL_WARNINGS= no	18	LD_FATAL_WARNINGS= no
19		19
20	SRCS= ssp.c gets-chk.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \	20	SRCS= ssp.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \
21	memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \	21	memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \
22	strcat-chk.c strcpy-chk.c strncat-chk.c strncpy-chk.c \	22	strcat-chk.c strcpy-chk.c strncat-chk.c strncpy-chk.c \
23	vsnprintf-chk.c vsprintf-chk.c	23	vsnprintf-chk.c vsprintf-chk.c

Lines 269-275 long ftell(FILE *); Link Here

(-)b/include/stdio.h (-1 lines)
269	size_t fwrite(const void * __restrict, size_t, size_t, FILE * __restrict);	269	size_t fwrite(const void * __restrict, size_t, size_t, FILE * __restrict);
270	int getc(FILE *);	270	int getc(FILE *);
271	int getchar(void);	271	int getchar(void);
272	char gets(char );
273	#if __EXT1_VISIBLE	272	#if __EXT1_VISIBLE
274	char gets_s(char , rsize_t);	273	char gets_s(char , rsize_t);
275	#endif	274	#endif




.Os
.Sh NAME
.Nm fgets ,
.Nm gets ,
.Nm gets_s
.Nd get a line from a stream
.Sh LIBRARY

.Fn fgets "char * restrict str" "int size" "FILE * restrict stream"
.Ft char *
.Fn gets_s "char *str" "rsize_t size"
.Ft char *
.Fn gets "char *str"
.Sh DESCRIPTION
The
.Fn fgets

The
.Fn gets
function
was unsafe and is no longer available.
.Fn fgets
with an infinite
.Fa size
and a
.Fa stream
of
.Dv stdin ,
except that the newline character (if any) is not stored in the string.
It is the caller's responsibility to ensure that the input line,
if any, is sufficiently short to fit in the string.
.Sh RETURN VALUES
Upon successful completion,
.Fn fgets
.Fn gets_s ,
and
.Fn gets_s
return
a pointer to the string.
If end-of-file occurs before any characters are read,

.Dv NULL
and the buffer contents are indeterminate.
The
.Fn fgets
.Fn gets_s ,
and
.Fn gets_s
functions
do not distinguish between end-of-file and error, and callers must use
.Xr feof 3

.Xr malloc 3 .
.Pp
The function
.Fn gets
and
.Fn gets_s
may also fail and set
.Va errno

.Xr fgetws 3 ,
.Xr getline 3
.Sh STANDARDS
The
.Fn fgets
function conforms to
.Fn gets
conform to
.St -isoC-99 .
.Fn gets_s
conforms to

.Fn gets
has been removed from
.St -isoC-2011 .
.Sh SECURITY CONSIDERATIONS
The
.Fn gets
function cannot be used securely.
Because of its lack of bounds checking,
and the inability for the calling program
to reliably determine the length of the next incoming line,
the use of this function enables malicious users
to arbitrarily change a running program's functionality through
a buffer overflow attack.
It is strongly suggested that the
.Fn fgets
function be used in all cases.

Lines 45-54 __FBSDID("$FreeBSD$"); Link Here

(-)b/lib/libc/stdio/gets.c (-3 / +2 lines)
45	#include "libc_private.h"	45	#include "libc_private.h"
46	#include "local.h"	46	#include "local.h"
47		47
48	__warn_references(gets, "warning: this program uses gets(), which is unsafe.");
49
50	char *	48	char *
51	gets(char *buf)	49	__gets_unsafe(char *buf)
52	{	50	{
53	int c;	51	int c;
54	char s, ret;	52	char s, ret;
Lines 78-80 gets(char *buf) Link Here
78	FUNLOCKFILE_CANCELSAFE();	76	FUNLOCKFILE_CANCELSAFE();
79	return (ret);	77	return (ret);
80	}	78	}
		79	__sym_compat(gets, __gets_unsafe, FBSD_1.0);

Lines 279-285 library conforms to Link Here

(-)b/lib/libc/stdio/stdio.3 (-1 lines)
279	.It "getchar get next character or word from input stream"	279	.It "getchar get next character or word from input stream"
280	.It "getdelim get a line from a stream"	280	.It "getdelim get a line from a stream"
281	.It "getline get a line from a stream"	281	.It "getline get a line from a stream"
282	.It "gets get a line from a stream"
283	.It "getw get next character or word from input stream"	282	.It "getw get next character or word from input stream"
284	.It "getwc get next wide character from input stream"	283	.It "getwc get next wide character from input stream"
285	.It "getwchar get next wide character from input stream"	284	.It "getwchar get next wide character from input stream"

Return to bug 222796

Lines 74-80 int fputc(int c, FILE* stream); Link Here

(-)b/contrib/libc++/include/cstdio (-4 lines)
74	int fputs(const char* restrict s, FILE* restrict stream);	74	int fputs(const char* restrict s, FILE* restrict stream);
75	int getc(FILE* stream);	75	int getc(FILE* stream);
76	int getchar(void);	76	int getchar(void);
77	char* gets(char* s); // removed in C++14
78	int putc(int c, FILE* stream);	77	int putc(int c, FILE* stream);
79	int putchar(int c);	78	int putchar(int c);
80	int puts(const char* s);	79	int puts(const char* s);
Lines 153-161 using ::tmpnam; Link Here
153		152
154	#ifndef _LIBCPP_HAS_NO_STDIN	153	#ifndef _LIBCPP_HAS_NO_STDIN
155	using ::getchar;	154	using ::getchar;
156	#if _LIBCPP_STD_VER <= 11 && !defined(_LIBCPP_MSVCRT)
157	using ::gets;
158	#endif
159	using ::scanf;	155	using ::scanf;
160	using ::vscanf;	156	using ::vscanf;
161	#endif	157	#endif

Lines 33-38 __RCSID("$NetBSD: h_gets.c,v 1.1 2010/12/27 02:04:19 pgoyette Exp $"); Link Here

(-)b/contrib/netbsd-tests/lib/libc/ssp/h_gets.c (+16 lines)
33		33
34	#include <stdio.h>	34	#include <stdio.h>
35		35
		36	#ifdef __FreeBSD__
		37	/*
		38	* We want to test the gets() implementation, but cannot simply link against
		39	* the gets symbol because it is not in the default version. (We've made it
		40	* unavailable by default on FreeBSD because it should not be used.)
		41	*
		42	* This is a workaround to access gets@FBSD_1.0.
		43	*/
		44	char unsafe_gets(char );
		45	char gets(char buf)
		46	{
		47	return unsafe_gets(buf);
		48	}
		49	__sym_compat(gets, unsafe_gets, FBSD_1.0);
		50	#endif
		51
36	int	52	int
37	main(int argc, char *argv[])	53	main(int argc, char *argv[])
38	{	54	{

Lines 37-43 Link Here

(-)b/lib/libc/stdio/fgets.3 (-39 / +7 lines)
37	.Os	37	.Os
38	.Sh NAME	38	.Sh NAME
39	.Nm fgets ,	39	.Nm fgets ,
40	.Nm gets ,
41	.Nm gets_s	40	.Nm gets_s
42	.Nd get a line from a stream	41	.Nd get a line from a stream
43	.Sh LIBRARY	42	.Sh LIBRARY
Lines 48-55 Link Here
48	.Fn fgets "char * restrict str" "int size" "FILE * restrict stream"	47	.Fn fgets "char * restrict str" "int size" "FILE * restrict stream"
49	.Ft char *	48	.Ft char *
50	.Fn gets_s "char *str" "rsize_t size"	49	.Fn gets_s "char *str" "rsize_t size"
51	.Ft char *
52	.Fn gets "char *str"
53	.Sh DESCRIPTION	50	.Sh DESCRIPTION
54	The	51	The
55	.Fn fgets	52	.Fn fgets
Lines 81-103 except that the newline character (if any) is not stored in the string. Link Here
81	The	78	The
82	.Fn gets	79	.Fn gets
83	function	80	function
84	is equivalent to	81	was unsafe and is no longer available.
85	.Fn fgets
86	with an infinite
87	.Fa size
88	and a
89	.Fa stream
90	of
91	.Dv stdin ,
92	except that the newline character (if any) is not stored in the string.
93	It is the caller's responsibility to ensure that the input line,
94	if any, is sufficiently short to fit in the string.
95	.Sh RETURN VALUES	82	.Sh RETURN VALUES
96	Upon successful completion,	83	Upon successful completion,
97	.Fn fgets ,	84	.Fn fgets
98	.Fn gets_s ,
99	and	85	and
100	.Fn gets	86	.Fn gets_s
101	return	87	return
102	a pointer to the string.	88	a pointer to the string.
103	If end-of-file occurs before any characters are read,	89	If end-of-file occurs before any characters are read,
Lines 109-118 they return Link Here
109	.Dv NULL	95	.Dv NULL
110	and the buffer contents are indeterminate.	96	and the buffer contents are indeterminate.
111	The	97	The
112	.Fn fgets ,	98	.Fn fgets
113	.Fn gets_s ,
114	and	99	and
115	.Fn gets	100	.Fn gets_s
116	functions	101	functions
117	do not distinguish between end-of-file and error, and callers must use	102	do not distinguish between end-of-file and error, and callers must use
118	.Xr feof 3	103	.Xr feof 3
Lines 139-146 or Link Here
139	.Xr malloc 3 .	124	.Xr malloc 3 .
140	.Pp	125	.Pp
141	The function	126	The function
142	.Fn gets
143	and
144	.Fn gets_s	127	.Fn gets_s
145	may also fail and set	128	may also fail and set
146	.Va errno	129	.Va errno
Lines 153-163 for any of the errors specified for the routine Link Here
153	.Xr fgetws 3 ,	136	.Xr fgetws 3 ,
154	.Xr getline 3	137	.Xr getline 3
155	.Sh STANDARDS	138	.Sh STANDARDS
156	The functions	139	The
157	.Fn fgets	140	.Fn fgets
158	and	141	function conforms to
159	.Fn gets
160	conform to
161	.St -isoC-99 .	142	.St -isoC-99 .
162	.Fn gets_s	143	.Fn gets_s
163	conforms to	144	conforms to
Lines 166-181 K.3.7.4.1. Link Here
166	.Fn gets	147	.Fn gets
167	has been removed from	148	has been removed from
168	.St -isoC-2011 .	149	.St -isoC-2011 .
169	.Sh SECURITY CONSIDERATIONS
170	The
171	.Fn gets
172	function cannot be used securely.
173	Because of its lack of bounds checking,
174	and the inability for the calling program
175	to reliably determine the length of the next incoming line,
176	the use of this function enables malicious users
177	to arbitrarily change a running program's functionality through
178	a buffer overflow attack.
179	It is strongly suggested that the
180	.Fn fgets
181	function be used in all cases.