When discussing the drawbacks of gets(),
it is customary to point out that the
1988
``Internet worm''
exploited a call to gets()
in the Unix finger daemon as one of its methods of attack.
It overflowed gets's buffer
with
carefully-contrived
binary data
which overwrote a return address on the stack
such that control flow transferred into the binary data.
back
about this FAQ list
about eskimo
search
feedback
copyright
Hosted by
