CPP: Explain the danger of gets a bit more in qhelp.

Geoffrey White
2019-01-31 11:32:20 +00:00
parent 0541950c44
commit f73a3a6a24

@@ -8,7 +8,7 @@ use. Currently, it checks for calls
to <code>gets</code> and <code>gmtime</code>. See <strong>Related rules</strong>
below for rules that identify other dangerous functions.</p>
<p>The <code>gets</code> function is one of the vulnerabilities exploited by the Internet Worm of 1988, one of the first computer worms to spread through the Internet.</p>
<p>The <code>gets</code> function is one of the vulnerabilities exploited by the Internet Worm of 1988, one of the first computer worms to spread through the Internet. The <code>gets</code> function provides no way to limit the amount of data that is read and stored, so without prior knowledge of the input it is impossible to use it safely with any size of buffer.</p>
<p>The <code>gmtime</code> function fills data into a <code>tm</code>
struct in shared memory and then returns a pointer to that struct. If
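Review bot: in the sentence added to the gets paragraph, the qualifier "without prior knowledge of the input" may lead a reader to conclude that a generously sized buffer is acceptable. The program calling gets does not control what arrives on standard input, so I would say directly that any call can write past the end of the destination buffer, whatever its size. The unchanged first sentence also describes the function itself as "one of the vulnerabilities"; "use of gets was one of the vulnerabilities exploited by the Internet Worm of 1988" reads more accurately. If the recommendation section of this qhelp file (not visible in this hunk) does not already name a bounded alternative such as fgets, this paragraph would be a natural place to point to it.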