发表新帖
发表新帖

Writing Secure C and Secure C Idioms

后端 未结
关注
7 1858
渐次进展
渐次进展 2020-12-07 08:10

\"The average man does not want to be free. He simply wants to be safe.\" - H. L. Menken

I am attempting to write very secure C. Below I

7条回答
  • 清歌不尽
    清歌不尽 (楼主)
    2020-12-07 08:50

    Don't use gets() for input, use fgets(). To use fgets(), if your buffer is automatically allocated (i.e., "on the stack"), then use this idiom:

    char buf[N];
...
if (fgets(buf, sizeof buf, fp) != NULL)

    This will keep working if you decide to change the size of buf. I prefer this form to:

    #define N whatever
char buf[N];
if (fgets(buf, N, fp) != NULL)

    because the first form uses buf to determine the second argument, and is clearer.

    Check the return value of fclose().

    0 讨论(0)
 看不清?
提交回复
热议问题