gets in ruby

Spitfire

I'm a newbie in Ruby. And, after a first couple of tutorials, I came
across the function 'gets'. Being similar to the function in C, I was
wondering if this would expose programs written in Ruby to buffer overflow
vulnerabilities? Or am I overlooking something here that would invalidate
such an argument? I mean, does the 'gets' in ruby perform bounds checking?
 
Eric Hodel

> I'm a newbie in Ruby. And, after a first couple of tutorials, I came
> across the function 'gets'. Being similar to the function in C, I was
> wondering if this would expose programs written in Ruby to buffer
> overflow vulnerabilities?

Ruby's gets is similar to C's gets only if you squint really hard.
Likely the biggest problem you'll come across with gets in ruby is a
stream of bytes with no newline.

> Or am I overlooking something here that would invalidate such an
> argument? I mean, does the 'gets' in ruby perform bounds checking?

All strings in ruby are bounds-checked.
 
Christopher Schneider

No it will not expose you to buffer overflows. The memory that the
string is going to be put into isn't even defined yet. The call to
gets ends up defining a chunk of memory big enough, and putting in
the inputted string. Underneath the covers, the C is (supposedly)
coded to not cause buffer overflows.

-Chris
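
The two replies above, as an added example that is not part of the original thread: `gets` grows the string to fit whatever arrives, so there is no overflow, but a stream with no newline is buffered without limit unless the optional `limit` argument of `IO#gets` is used. The helper name `bounded_gets`, the `LineTooLong` error, the 64-byte cap and the sample inputs are assumptions made for this illustration.

```ruby
require 'stringio'

MAX_LINE = 64 # assumed cap for this demo; choose one that fits your protocol

class LineTooLong < StandardError; end

# Read one line of at most max_bytes bytes (newline not counted).
# Returns the line without its newline, or nil at EOF.
# Raises LineTooLong instead of buffering an unbounded run of bytes.
def bounded_gets(io, max_bytes = MAX_LINE)
  # gets(sep, limit) returns after `limit` bytes even if no separator was seen.
  # Asking for one extra byte lets us tell "exactly at the cap" from "over it".
  chunk = io.gets("\n", max_bytes + 1)
  return nil if chunk.nil?
  return chunk.chomp("\n") if chunk.end_with?("\n")
  # No newline seen: either a short final line at EOF, or input over the cap.
  raise LineTooLong, "line exceeds #{max_bytes} bytes" if chunk.bytesize > max_bytes
  chunk
end

def demo
  results = []
  normal = StringIO.new("hello\nworld\n")   # constructed sample input
  3.times { results << bounded_gets(normal) } # third call hits EOF -> nil

  flood = "A" * 10_000                       # constructed: no newline at all
  # Plain gets allocates a string big enough for everything it was sent.
  results << StringIO.new(flood).gets.bytesize
  begin
    bounded_gets(StringIO.new(flood))
  rescue LineTooLong => e
    results << e.message
  end
  results
end

p demo if __FILE__ == $PROGRAM_NAME
```

After a `LineTooLong` the rest of the oversized line is still unread, so a network service would normally close the connection at that point rather than try to resynchronise.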
 
