Friday 10 October 2014

Safe coding practices - Solution to buffer overflow attack

...
char buffer[25];
printf("\nEnter Text : ");
gets(buffer);
...

Program description:
The buffer is allocated with a size of 25 bytes and is used to receive input from the user.

Problem:
The gets() function performs no bounds checking, so an attacker can input a string longer than 25 characters and overflow the buffer, overwriting the adjacent memory locations and even the return address of the function call. This can even lead to invoking a shell.

Solution:
To get input from stdin, use
fgets(buffer,25,stdin);
which performs bounds checking: it stores at most 24 characters and always null-terminates the buffer.
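The fgets() fix still leaves two things for the caller to handle: the newline is kept in the buffer, and the rest of an over-long line stays in stdin for the next read. The following is an added example, not code from the original post; the helper name read_line and its return codes are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the original post).
 * Reads one line from `in` into buf[size].
 * Returns  0 if the whole line fit,
 *          1 if the line was too long and was truncated,
 *         -1 on EOF or read error with nothing read. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (buf == NULL || size == 0 || size > INT_MAX)
        return -1;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return -1;
    }

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* strip the newline fgets() keeps */
        return 0;
    }

    /* No newline stored: the line was longer than the buffer, or input
     * ended without one. Discard the remainder so it does not leak into
     * the next read. */
    int c, truncated = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

int main(void)
{
    char buffer[25];                  /* same size as in the post */
    printf("\nEnter Text : ");
    fflush(stdout);

    int rc = read_line(stdin, buffer, sizeof buffer);
    if (rc < 0) {
        fputs("no input\n", stderr);
        return 1;
    }
    if (rc == 1)
        fputs("input too long, truncated to 24 characters\n", stderr);
    printf("Got: %s\n", buffer);
    return 0;
}
```

Passing sizeof buffer instead of a literal 25 keeps the limit correct if the array size is changed later.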