svn commit: r351659 - in head: contrib/libc++/include contrib/netbsd-tests/lib/libc/ssp gnu/lib/libssp include lib/libc/stdio
Ed Maste
emaste at FreeBSD.org
Sun Sep 1 16:12:10 UTC 2019
Author: emaste
Date: Sun Sep 1 16:12:05 2019
New Revision: 351659
URL: https://svnweb.freebsd.org/changeset/base/351659
Log:
libc: remove gets
gets is unsafe and shouldn't be used (for many years now). Leave it in
the existing symbol version so anything that previously linked aginst it
still runs, but do not allow new software to link against it.
(The compatability/legacy implementation must not be static so that
the symbol and in particular the compat sym gets at FBSD_1.0 make it
into libc.)
PR: 222796 (exp-run)
Reported by: Paul Vixie
Reviewed by: allanjude, cy, eadler, gnn, jhb, kib, ngie (some earlier)
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D12298
Modified:
head/contrib/libc++/include/cstdio
head/contrib/netbsd-tests/lib/libc/ssp/h_gets.c
head/gnu/lib/libssp/Makefile
head/include/stdio.h
head/lib/libc/stdio/fgets.3
head/lib/libc/stdio/gets.c
head/lib/libc/stdio/stdio.3
Modified: head/contrib/libc++/include/cstdio
==============================================================================
--- head/contrib/libc++/include/cstdio Sun Sep 1 15:39:28 2019 (r351658)
+++ head/contrib/libc++/include/cstdio Sun Sep 1 16:12:05 2019 (r351659)
@@ -74,7 +74,6 @@ int fputc(int c, FILE* stream);
int fputs(const char* restrict s, FILE* restrict stream);
int getc(FILE* stream);
int getchar(void);
-char* gets(char* s); // removed in C++14
int putc(int c, FILE* stream);
int putchar(int c);
int puts(const char* s);
@@ -153,9 +152,6 @@ using ::tmpnam;
#ifndef _LIBCPP_HAS_NO_STDIN
using ::getchar;
-#if _LIBCPP_STD_VER <= 11 && !defined(_LIBCPP_MSVCRT)
-using ::gets;
-#endif
using ::scanf;
using ::vscanf;
#endif
Modified: head/contrib/netbsd-tests/lib/libc/ssp/h_gets.c
==============================================================================
--- head/contrib/netbsd-tests/lib/libc/ssp/h_gets.c Sun Sep 1 15:39:28 2019 (r351658)
+++ head/contrib/netbsd-tests/lib/libc/ssp/h_gets.c Sun Sep 1 16:12:05 2019 (r351659)
@@ -33,6 +33,24 @@ __RCSID("$NetBSD: h_gets.c,v 1.1 2010/12/27 02:04:19 p
#include <stdio.h>
+#ifdef __FreeBSD__
+/*
+ * We want to test the gets() implementation, but cannot simply link against
+ * the gets symbol because it is not in the default version. (We've made it
+ * unavailable by default on FreeBSD because it should not be used.)
+ *
+ * The next two lines create an unsafe_gets() function that resolves to
+ * gets at FBSD_1.0, which we call from our local gets() implementation.
+ */
+__sym_compat(gets, unsafe_gets, FBSD_1.0);
+char *unsafe_gets(char *);
+
+char *gets(char *buf)
+{
+ return unsafe_gets(buf);
+}
+#endif
+
int
main(int argc, char *argv[])
{
Modified: head/gnu/lib/libssp/Makefile
==============================================================================
--- head/gnu/lib/libssp/Makefile Sun Sep 1 15:39:28 2019 (r351658)
+++ head/gnu/lib/libssp/Makefile Sun Sep 1 16:12:05 2019 (r351659)
@@ -17,7 +17,7 @@ LIB= ssp
SHLIB_MAJOR= 0
LD_FATAL_WARNINGS= no
-SRCS= ssp.c gets-chk.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \
+SRCS= ssp.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \
memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \
strcat-chk.c strcpy-chk.c strncat-chk.c strncpy-chk.c \
vsnprintf-chk.c vsprintf-chk.c
Modified: head/include/stdio.h
==============================================================================
--- head/include/stdio.h Sun Sep 1 15:39:28 2019 (r351658)
+++ head/include/stdio.h Sun Sep 1 16:12:05 2019 (r351659)
@@ -269,7 +269,6 @@ long ftell(FILE *);
size_t fwrite(const void * __restrict, size_t, size_t, FILE * __restrict);
int getc(FILE *);
int getchar(void);
-char *gets(char *);
#if __EXT1_VISIBLE
char *gets_s(char *, rsize_t);
#endif
Modified: head/lib/libc/stdio/fgets.3
==============================================================================
--- head/lib/libc/stdio/fgets.3 Sun Sep 1 15:39:28 2019 (r351658)
+++ head/lib/libc/stdio/fgets.3 Sun Sep 1 16:12:05 2019 (r351659)
@@ -32,12 +32,11 @@
.\" @(#)fgets.3 8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
-.Dd April 3, 2018
+.Dd September 1, 2019
.Dt FGETS 3
.Os
.Sh NAME
.Nm fgets ,
-.Nm gets ,
.Nm gets_s
.Nd get a line from a stream
.Sh LIBRARY
@@ -48,8 +47,6 @@
.Fn fgets "char * restrict str" "int size" "FILE * restrict stream"
.Ft char *
.Fn gets_s "char *str" "rsize_t size"
-.Ft char *
-.Fn gets "char *str"
.Sh DESCRIPTION
The
.Fn fgets
@@ -81,23 +78,12 @@ except that the newline character (if any) is not stor
The
.Fn gets
function
-is equivalent to
-.Fn fgets
-with an infinite
-.Fa size
-and a
-.Fa stream
-of
-.Dv stdin ,
-except that the newline character (if any) is not stored in the string.
-It is the caller's responsibility to ensure that the input line,
-if any, is sufficiently short to fit in the string.
+was unsafe and is no longer available.
.Sh RETURN VALUES
Upon successful completion,
-.Fn fgets ,
-.Fn gets_s ,
+.Fn fgets
and
-.Fn gets
+.Fn gets_s
return
a pointer to the string.
If end-of-file occurs before any characters are read,
@@ -109,10 +95,9 @@ they return
.Dv NULL
and the buffer contents are indeterminate.
The
-.Fn fgets ,
-.Fn gets_s ,
+.Fn fgets
and
-.Fn gets
+.Fn gets_s
functions
do not distinguish between end-of-file and error, and callers must use
.Xr feof 3
@@ -139,8 +124,6 @@ or
.Xr malloc 3 .
.Pp
The function
-.Fn gets
-and
.Fn gets_s
may also fail and set
.Va errno
@@ -153,11 +136,9 @@ for any of the errors specified for the routine
.Xr fgetws 3 ,
.Xr getline 3
.Sh STANDARDS
-The functions
+The
.Fn fgets
-and
-.Fn gets
-conform to
+function conforms to
.St -isoC-99 .
.Fn gets_s
conforms to
@@ -166,16 +147,3 @@ K.3.7.4.1.
.Fn gets
has been removed from
.St -isoC-2011 .
-.Sh SECURITY CONSIDERATIONS
-The
-.Fn gets
-function cannot be used securely.
-Because of its lack of bounds checking,
-and the inability for the calling program
-to reliably determine the length of the next incoming line,
-the use of this function enables malicious users
-to arbitrarily change a running program's functionality through
-a buffer overflow attack.
-It is strongly suggested that the
-.Fn fgets
-function be used in all cases.
Modified: head/lib/libc/stdio/gets.c
==============================================================================
--- head/lib/libc/stdio/gets.c Sun Sep 1 15:39:28 2019 (r351658)
+++ head/lib/libc/stdio/gets.c Sun Sep 1 16:12:05 2019 (r351659)
@@ -45,10 +45,8 @@ __FBSDID("$FreeBSD$");
#include "libc_private.h"
#include "local.h"
-__warn_references(gets, "warning: this program uses gets(), which is unsafe.");
-
char *
-gets(char *buf)
+__gets_unsafe(char *buf)
{
int c;
char *s, *ret;
@@ -78,3 +76,4 @@ end:
FUNLOCKFILE_CANCELSAFE();
return (ret);
}
+__sym_compat(gets, __gets_unsafe, FBSD_1.0);
Modified: head/lib/libc/stdio/stdio.3
==============================================================================
--- head/lib/libc/stdio/stdio.3 Sun Sep 1 15:39:28 2019 (r351658)
+++ head/lib/libc/stdio/stdio.3 Sun Sep 1 16:12:05 2019 (r351659)
@@ -279,7 +279,6 @@ library conforms to
.It "getchar get next character or word from input stream"
.It "getdelim get a line from a stream"
.It "getline get a line from a stream"
-.It "gets get a line from a stream"
.It "getw get next character or word from input stream"
.It "getwc get next wide character from input stream"
.It "getwchar get next wide character from input stream"
More information about the svn-src-head
mailing list