On Dec 22, 2006, at 24:25, Spitfire wrote:

> I'm a newbie in Ruby. And, after a first couple of tutorials, I came
> across the function 'gets'. Being similar to the function in C, I was
> wondering if this would expose programs written in Ruby to buffer
> overflow vulnerabilities?

Ruby's gets is similar to C's gets only if you squint really hard.
Likely the biggest problem you'll come across with gets in Ruby is a
stream of bytes with no newline.

> Or am I overlooking something here that would invalidate such an
> argument? I mean, does the 'gets' in Ruby perform bounds checking?

All strings in Ruby are bounds-checked.

-- 
Eric Hodel - drbrain / segment7.net - http://blog.segment7.net

I LIT YOUR GEM ON FIRE!
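
Added example, not part of the original message: the reply's point about a stream with no newline, shown with the optional limit argument of gets so that a single "line" cannot grow without bound. The names MAX_LINE, LineTooLong, bounded_gets and read_all_lines are hypothetical, and the input is constructed.

```ruby
require 'stringio'

MAX_LINE = 64 # assumed per-line cap in bytes; pick one that fits your protocol

class LineTooLong < StandardError; end

# Read one line without ever buffering more than `max` bytes of it.
# gets(sep, limit) returns at the separator OR after `limit` bytes,
# whichever comes first, so a newline-free stream cannot balloon the String.
def bounded_gets(io, max = MAX_LINE)
  line = io.gets("\n", max)
  return nil if line.nil? # end of stream

  # Hit the cap with no newline and more data still pending: reject.
  if !line.end_with?("\n") && line.bytesize >= max && !io.eof?
    raise LineTooLong, "line exceeds #{max} bytes"
  end
  line
end

# Collect lines until EOF, or stop at the first oversized one.
def read_all_lines(io, max = MAX_LINE)
  lines = []
  while (line = bounded_gets(io, max))
    lines << line
  end
  [lines, :ok]
rescue LineTooLong
  [lines, :rejected]
end

# Constructed input: one normal line, then 1000 bytes with no newline.
sample = "short\n" + ("A" * 1000)

# Plain gets is memory-safe (the String just grows), but it is unbounded:
unbounded = StringIO.new("A" * 1000).gets
puts "plain gets returned #{unbounded.bytesize} bytes"

lines, status = read_all_lines(StringIO.new(sample))
puts "bounded reader: #{lines.inspect} (#{status})"
```

With a real socket or STDIN, io.eof? blocks until data or EOF arrives, so pair this with a read timeout.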