svn commit: r351659 - in head: contrib/libc++/include contrib/netbsd-tests/lib/libc/ssp gnu/lib/libssp include lib/libc/stdio

Ed Maste emaste at FreeBSD.org
Sun Sep 1 16:12:10 UTC 2019


Author: emaste
Date: Sun Sep  1 16:12:05 2019
New Revision: 351659
URL: https://svnweb.freebsd.org/changeset/base/351659

Log:
  libc: remove gets
  
  gets is unsafe and shouldn't be used (for many years now).  Leave it in
  the existing symbol version so anything that previously linked against it
  still runs, but do not allow new software to link against it.
  
  (The compatibility/legacy implementation must not be static so that
  the symbol and in particular the compat sym gets at FBSD_1.0 make it
  into libc.)
  
  PR:		222796 (exp-run)
  Reported by:	Paul Vixie
  Reviewed by:	allanjude, cy, eadler, gnn, jhb, kib, ngie (some earlier)
  Relnotes:	Yes
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D12298

Modified:
  head/contrib/libc++/include/cstdio
  head/contrib/netbsd-tests/lib/libc/ssp/h_gets.c
  head/gnu/lib/libssp/Makefile
  head/include/stdio.h
  head/lib/libc/stdio/fgets.3
  head/lib/libc/stdio/gets.c
  head/lib/libc/stdio/stdio.3

Modified: head/contrib/libc++/include/cstdio
==============================================================================
--- head/contrib/libc++/include/cstdio	Sun Sep  1 15:39:28 2019	(r351658)
+++ head/contrib/libc++/include/cstdio	Sun Sep  1 16:12:05 2019	(r351659)
@@ -74,7 +74,6 @@ int fputc(int c, FILE* stream);
 int fputs(const char* restrict s, FILE* restrict stream);
 int getc(FILE* stream);
 int getchar(void);
-char* gets(char* s);  // removed in C++14
 int putc(int c, FILE* stream);
 int putchar(int c);
 int puts(const char* s);
@@ -153,9 +152,6 @@ using ::tmpnam;
 
 #ifndef _LIBCPP_HAS_NO_STDIN
 using ::getchar;
-#if _LIBCPP_STD_VER <= 11 && !defined(_LIBCPP_MSVCRT)
-using ::gets;
-#endif
 using ::scanf;
 using ::vscanf;
 #endif

Modified: head/contrib/netbsd-tests/lib/libc/ssp/h_gets.c
==============================================================================
--- head/contrib/netbsd-tests/lib/libc/ssp/h_gets.c	Sun Sep  1 15:39:28 2019	(r351658)
+++ head/contrib/netbsd-tests/lib/libc/ssp/h_gets.c	Sun Sep  1 16:12:05 2019	(r351659)
@@ -33,6 +33,24 @@ __RCSID("$NetBSD: h_gets.c,v 1.1 2010/12/27 02:04:19 p
 
 #include <stdio.h>
 
+#ifdef __FreeBSD__
+/*
+ * We want to test the gets() implementation, but cannot simply link against
+ * the gets symbol because it is not in the default version. (We've made it
+ * unavailable by default on FreeBSD because it should not be used.)
+ *
+ * The next two lines create an unsafe_gets() function that resolves to
+ * gets at FBSD_1.0, which we call from our local gets() implementation.
+ */
+__sym_compat(gets, unsafe_gets, FBSD_1.0);
+char *unsafe_gets(char *);
+
+char *gets(char *buf)
+{
+	return unsafe_gets(buf);
+}
+#endif
+
 int
 main(int argc, char *argv[])
 {
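Review bot: The local `gets()` wrapper added under `#ifdef __FreeBSD__` has external linkage although, as far as the hunk shows, only this file uses it. Declaring it `static char *gets(char *buf)` would keep the forwarder to the unbounded legacy routine private to the test. The `char *unsafe_gets(char *);` prototype would also read more naturally ahead of the `__sym_compat(gets, unsafe_gets, FBSD_1.0);` line that names it, and style(9) puts the return type on its own line. The call site in `main` lies outside the hunk, so confirm it follows this definition.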

Modified: head/gnu/lib/libssp/Makefile
==============================================================================
--- head/gnu/lib/libssp/Makefile	Sun Sep  1 15:39:28 2019	(r351658)
+++ head/gnu/lib/libssp/Makefile	Sun Sep  1 16:12:05 2019	(r351659)
@@ -17,7 +17,7 @@ LIB=		ssp
 SHLIB_MAJOR=	0
 LD_FATAL_WARNINGS=	no
 
-SRCS=	ssp.c gets-chk.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \
+SRCS=	ssp.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \
 	memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \
 	strcat-chk.c strcpy-chk.c strncat-chk.c strncpy-chk.c \
 	vsnprintf-chk.c vsprintf-chk.c
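Review bot: Dropping `gets-chk.c` from `SRCS` presumably removes the fortified gets entry point from libssp while `SHLIB_MAJOR` stays at `0`, so an existing binary that references it would fail to resolve the symbol at load time. That sits awkwardly with the log's stated goal that previously linked software keeps running. Either keep the object building against the compat symbol, or record in the log that the exp-run found no consumers. The contents of gets-chk.c are not visible in this diff, so the exported symbol is inferred.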

Modified: head/include/stdio.h
==============================================================================
--- head/include/stdio.h	Sun Sep  1 15:39:28 2019	(r351658)
+++ head/include/stdio.h	Sun Sep  1 16:12:05 2019	(r351659)
@@ -269,7 +269,6 @@ long	 ftell(FILE *);
 size_t	 fwrite(const void * __restrict, size_t, size_t, FILE * __restrict);
 int	 getc(FILE *);
 int	 getchar(void);
-char	*gets(char *);
 #if __EXT1_VISIBLE
 char	*gets_s(char *, rsize_t);
 #endif

Modified: head/lib/libc/stdio/fgets.3
==============================================================================
--- head/lib/libc/stdio/fgets.3	Sun Sep  1 15:39:28 2019	(r351658)
+++ head/lib/libc/stdio/fgets.3	Sun Sep  1 16:12:05 2019	(r351659)
@@ -32,12 +32,11 @@
 .\"     @(#)fgets.3	8.1 (Berkeley) 6/4/93
 .\" $FreeBSD$
 .\"
-.Dd April 3, 2018
+.Dd September 1, 2019
 .Dt FGETS 3
 .Os
 .Sh NAME
 .Nm fgets ,
-.Nm gets ,
 .Nm gets_s
 .Nd get a line from a stream
 .Sh LIBRARY
@@ -48,8 +47,6 @@
 .Fn fgets "char * restrict str" "int size" "FILE * restrict stream"
 .Ft char *
 .Fn gets_s "char *str" "rsize_t size"
-.Ft char *
-.Fn gets "char *str"
 .Sh DESCRIPTION
 The
 .Fn fgets
@@ -81,23 +78,12 @@ except that the newline character (if any) is not stor
 The
 .Fn gets
 function
-is equivalent to
-.Fn fgets
-with an infinite
-.Fa size
-and a
-.Fa stream
-of
-.Dv stdin ,
-except that the newline character (if any) is not stored in the string.
-It is the caller's responsibility to ensure that the input line,
-if any, is sufficiently short to fit in the string.
+was unsafe and is no longer available.
 .Sh RETURN VALUES
 Upon successful completion,
-.Fn fgets ,
-.Fn gets_s ,
+.Fn fgets
 and
-.Fn gets
+.Fn gets_s
 return
 a pointer to the string.
 If end-of-file occurs before any characters are read,
@@ -109,10 +95,9 @@ they return
 .Dv NULL
 and the buffer contents are indeterminate.
 The
-.Fn fgets ,
-.Fn gets_s ,
+.Fn fgets
 and
-.Fn gets
+.Fn gets_s
 functions
 do not distinguish between end-of-file and error, and callers must use
 .Xr feof 3
@@ -139,8 +124,6 @@ or
 .Xr malloc 3 .
 .Pp
 The function
-.Fn gets
-and
 .Fn gets_s
 may also fail and set
 .Va errno
@@ -153,11 +136,9 @@ for any of the errors specified for the routine
 .Xr fgetws 3 ,
 .Xr getline 3
 .Sh STANDARDS
-The functions
+The
 .Fn fgets
-and
-.Fn gets
-conform to
+function conforms to
 .St -isoC-99 .
 .Fn gets_s
 conforms to
@@ -166,16 +147,3 @@ K.3.7.4.1.
 .Fn gets
 has been removed from
 .St -isoC-2011 .
-.Sh SECURITY CONSIDERATIONS
-The
-.Fn gets
-function cannot be used securely.
-Because of its lack of bounds checking,
-and the inability for the calling program
-to reliably determine the length of the next incoming line,
-the use of this function enables malicious users
-to arbitrarily change a running program's functionality through
-a buffer overflow attack.
-It is strongly suggested that the
-.Fn fgets
-function be used in all cases.

Modified: head/lib/libc/stdio/gets.c
==============================================================================
--- head/lib/libc/stdio/gets.c	Sun Sep  1 15:39:28 2019	(r351658)
+++ head/lib/libc/stdio/gets.c	Sun Sep  1 16:12:05 2019	(r351659)
@@ -45,10 +45,8 @@ __FBSDID("$FreeBSD$");
 #include "libc_private.h"
 #include "local.h"
 
-__warn_references(gets, "warning: this program uses gets(), which is unsafe.");
-
 char *
-gets(char *buf)
+__gets_unsafe(char *buf)
 {
 	int c;
 	char *s, *ret;
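Review bot: `__gets_unsafe` is now a non-static function with no visible prototype, and the reason it must stay non-static is recorded only in the commit log. A comment above the definition would stop a later cleanup from breaking the compat symbol, for example `/* Must not be static: __sym_compat below needs this symbol to export gets@FBSD_1.0. */`. With `__warn_references` removed, nothing flags objects that still bind to the legacy symbol. It is therefore worth confirming that `__gets_unsafe` is not listed in the symbol map (not shown here), so new code cannot link to it by that name. The function body continues outside this hunk, and the `__sym_compat(gets, __gets_unsafe, FBSD_1.0);` line is in the following hunk.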
@@ -78,3 +76,4 @@ end:
 	FUNLOCKFILE_CANCELSAFE();
 	return (ret);
 }
+__sym_compat(gets, __gets_unsafe, FBSD_1.0);

Modified: head/lib/libc/stdio/stdio.3
==============================================================================
--- head/lib/libc/stdio/stdio.3	Sun Sep  1 15:39:28 2019	(r351658)
+++ head/lib/libc/stdio/stdio.3	Sun Sep  1 16:12:05 2019	(r351659)
@@ -279,7 +279,6 @@ library conforms to
 .It "getchar	get next character or word from input stream"
 .It "getdelim	get a line from a stream"
 .It "getline	get a line from a stream"
-.It "gets	get a line from a stream"
 .It "getw	get next character or word from input stream"
 .It "getwc	get next wide character from input stream"
 .It "getwchar	get next wide character from input stream"

