When discussing the drawbacks of gets(), it is customary to point out that the 1988 "Internet worm" exploited a call to gets() in the Unix finger daemon as one of its methods of attack. It overflowed the buffer passed to gets() with carefully contrived binary data, which overwrote a return address on the stack such that control flow transferred into the binary data.
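The overflow is possible because gets() is never told how large its buffer is. The following added example (not code from this FAQ) shows a bounded line reader built on fgets(); the names read_line, demo_read and the LINE_* status codes are hypothetical, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Bounded replacement for gets(buf): never writes more than size bytes.
   An over-long line is cut to size-1 characters and its tail discarded,
   so the next call starts at the next line. */
int read_line(char *buf, int size, FILE *fp)
{
    int c, truncated = 0;
    size_t len;
    if (size < 2 || fgets(buf, size, fp) == NULL)
        return LINE_EOF;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* gets() drops the newline too */
        return LINE_OK;
    }
    /* No newline stored: drain the rest of this line, if any. */
    while ((c = getc(fp)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? LINE_TRUNCATED : LINE_OK;
}

static char demo_buf[8];              /* deliberately small, constructed */

/* Hypothetical harness: reads the nth line of a constructed input string
   into demo_buf and returns read_line()'s status for that line. */
int demo_read(const char *input, int nth)
{
    int rc = LINE_EOF;
    FILE *fp = tmpfile();
    if (fp == NULL) return LINE_EOF;
    fputs(input, fp);
    rewind(fp);
    while (nth-- > 0)
        rc = read_line(demo_buf, (int)sizeof demo_buf, fp);
    fclose(fp);
    return rc;
}

int main(void)
{
    int rc = demo_read("AAAAAAAAAAAAAAAAAAAA\nnext\n", 1);
    printf("status=%d kept=\"%s\"\n", rc, demo_buf);
    return 0;
}
```

A caller should treat LINE_TRUNCATED as an input error rather than silently processing the shortened line.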
This page by Steve Summit
// Copyright 1995-2004