Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CABU-nVQmDvX2v_3V2ZJhvkBGrKgjBK0XRkejGVsKDU8ooYJ30A@mail.gmail.com>
Date: Mon, 11 Feb 2019 18:55:24 -0800
From: Keyhan Vakil <kvakil@...keley.edu>
To: musl@...ts.openwall.com
Subject: Bug in gets function?

Hi. It seems that the gets function does not follow the C99 spec. In
particular, if the input contains a null byte in the middle of the
input, then the new-line character is not discarded.

For reference, here's the relevant part in the C99 standard
(7.19.7.7):

> The gets function reads characters from the input stream pointed to
> by stdin, into the array pointed to by s, until end-of-file is
> encountered or a new-line character is read. Any new-line character
> is discarded, and a null character is written immediately after the
> last character read into the array.

Here is an example:

    #include <stdio.h>
    char s[8];
    int main() {
        gets(s);
        for (int i = 0; i < sizeof s; i++) {
            printf("%02x ", s[i]);
        }
        printf("\n");
        return 0;
    }

When compiled against gcc:

    $ echo -e 'A\x00B' | ./a.out
    41 00 42 00 00 00 00 00

When compiled against musl:

    $ echo -e 'A\x00B' | ./a.out
    41 00 42 0a 00 00 00 00

Note the terminating newline, which contradicts the spec.

Thanks,
Keyhan

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.