Les Howell wrote:
>> printf("%s", string) is inefficient. In
>> this case, it would be better to use puts/fputs.
>>
>unless something has changed recently fputs and puts just like gets
>and fgets have been deprecated and are discouraged due to potential
>security issues.
gets is horribly insecure because it doesn't care how long the buffer
it's writing to is.
fgets is better because it has a size parameter, but you have to take
care to pass the correct size to it. It's more risky than a real array
with bounds checking, but it's about as secure as it gets in the
standard C library.
puts and fputs aren't any more dangerous than any other handling of
null-terminated strings. There is definitely no security to be gained
by using printf instead of puts or fputs.
Björn Persson
Attachment:
signature.asc
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
