Index: contrib/libc++/include/cstdio =================================================================== --- contrib/libc++/include/cstdio +++ contrib/libc++/include/cstdio @@ -74,7 +74,6 @@ int fputs(const char* restrict s, FILE* restrict stream); int getc(FILE* stream); int getchar(void); -char* gets(char* s); // removed in C++14 int putc(int c, FILE* stream); int putchar(int c); int puts(const char* s); @@ -153,9 +152,6 @@ #ifndef _LIBCPP_HAS_NO_STDIN using ::getchar; -#if _LIBCPP_STD_VER <= 11 && !defined(_LIBCPP_MSVCRT) -using ::gets; -#endif using ::scanf; using ::vscanf; #endif Index: contrib/netbsd-tests/lib/libc/ssp/h_gets.c =================================================================== --- contrib/netbsd-tests/lib/libc/ssp/h_gets.c +++ contrib/netbsd-tests/lib/libc/ssp/h_gets.c @@ -33,6 +33,22 @@ #include +#ifdef __FreeBSD__ +/* + * We want to test the gets() implementation, but cannot simply link against + * the gets symbol because it is not in the default version. (We've made it + * unavailable by default on FreeBSD because it should not be used.) + * + * This is a workaround to access gets@FBSD_1.0. + */ +char *unsafe_gets(char *); +char *gets(char *buf) +{ + return unsafe_gets(buf); +} +__sym_compat(gets, unsafe_gets, FBSD_1.0); +#endif + int main(int argc, char *argv[]) { Index: gnu/lib/libssp/Makefile =================================================================== --- gnu/lib/libssp/Makefile +++ gnu/lib/libssp/Makefile @@ -17,7 +17,7 @@ SHLIB_MAJOR= 0 LD_FATAL_WARNINGS= no -SRCS= ssp.c gets-chk.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \ +SRCS= ssp.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \ memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \ strcat-chk.c strcpy-chk.c strncat-chk.c strncpy-chk.c \ vsnprintf-chk.c vsprintf-chk.c Index: include/stdio.h =================================================================== --- include/stdio.h +++ include/stdio.h @@ -269,7 +269,6 @@ size_t fwrite(const void * __restrict, size_t, size_t, FILE * __restrict); int getc(FILE *); int getchar(void); -char *gets(char *); #if __EXT1_VISIBLE char *gets_s(char *, rsize_t); #endif Index: lib/libc/stdio/fgets.3 =================================================================== --- lib/libc/stdio/fgets.3 +++ lib/libc/stdio/fgets.3 @@ -37,7 +37,6 @@ .Os .Sh NAME .Nm fgets , -.Nm gets , .Nm gets_s .Nd get a line from a stream .Sh LIBRARY @@ -48,8 +47,6 @@ .Fn fgets "char * restrict str" "int size" "FILE * restrict stream" .Ft char * .Fn gets_s "char *str" "rsize_t size" -.Ft char * -.Fn gets "char *str" .Sh DESCRIPTION The .Fn fgets @@ -81,23 +78,12 @@ The .Fn gets function -is equivalent to -.Fn fgets -with an infinite -.Fa size -and a -.Fa stream -of -.Dv stdin , -except that the newline character (if any) is not stored in the string. -It is the caller's responsibility to ensure that the input line, -if any, is sufficiently short to fit in the string. +was unsafe and is no longer available. .Sh RETURN VALUES Upon successful completion, -.Fn fgets , -.Fn gets_s , +.Fn fgets and -.Fn gets +.Fn gets_s return a pointer to the string. If end-of-file occurs before any characters are read, @@ -109,10 +95,9 @@ .Dv NULL and the buffer contents are indeterminate. The -.Fn fgets , -.Fn gets_s , +.Fn fgets and -.Fn gets +.Fn gets_s functions do not distinguish between end-of-file and error, and callers must use .Xr feof 3 @@ -139,8 +124,6 @@ .Xr malloc 3 . .Pp The function -.Fn gets -and .Fn gets_s may also fail and set .Va errno @@ -153,11 +136,9 @@ .Xr fgetws 3 , .Xr getline 3 .Sh STANDARDS -The functions +The .Fn fgets -and -.Fn gets -conform to +function conforms to .St -isoC-99 . .Fn gets_s conforms to @@ -166,16 +147,3 @@ .Fn gets has been removed from .St -isoC-2011 . -.Sh SECURITY CONSIDERATIONS -The -.Fn gets -function cannot be used securely. -Because of its lack of bounds checking, -and the inability for the calling program -to reliably determine the length of the next incoming line, -the use of this function enables malicious users -to arbitrarily change a running program's functionality through -a buffer overflow attack. -It is strongly suggested that the -.Fn fgets -function be used in all cases. Index: lib/libc/stdio/gets.c =================================================================== --- lib/libc/stdio/gets.c +++ lib/libc/stdio/gets.c @@ -45,10 +45,8 @@ #include "libc_private.h" #include "local.h" -__warn_references(gets, "warning: this program uses gets(), which is unsafe."); - char * -gets(char *buf) +__gets_unsafe(char *buf) { int c; char *s, *ret; @@ -78,3 +76,4 @@ FUNLOCKFILE_CANCELSAFE(); return (ret); } +__sym_compat(gets, __gets_unsafe, FBSD_1.0); Index: lib/libc/stdio/stdio.3 =================================================================== --- lib/libc/stdio/stdio.3 +++ lib/libc/stdio/stdio.3 @@ -279,7 +279,6 @@ .It "getchar get next character or word from input stream" .It "getdelim get a line from a stream" .It "getline get a line from a stream" -.It "gets get a line from a stream" .It "getw get next character or word from input stream" .It "getwc get next wide character from input stream" .It "getwchar get next wide character from input stream"