Applying the patch

In the Preparing for the patch subsection of this chapter, we already located, in the hex editor, the place where the patch should be applied: file offset 0x4198. Applying the patch is rather simple: we copy the bytes from the patch.bin file into the executable at that location and get the following:

Now save the file and we are done. The executable has been patched and will use fgets() instead of gets() from now on. We may check this by running the executable and feeding it a very long string instead of a name:

As we see, such input no longer causes any error: with fgets(), at most 127 characters are read, which keeps our stack safe. The result is visible in the preceding screenshot, where the output is truncated.
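The same overwrite can be scripted rather than done by hand in the hex editor. The following is an added example, not code from the book: only the 0x4198 offset and the patch.bin name come from the text, while the executable name `vulnerable.exe` and the `.orig` backup suffix are placeholders chosen here.

```python
import hashlib
import shutil
from pathlib import Path

PATCH_OFFSET = 0x4198  # file offset located earlier in the chapter


def apply_patch(exe_path, patch_path, offset=PATCH_OFFSET):
    """Overwrite len(patch) bytes of exe_path at offset; return (old_bytes, new_sha256)."""
    exe = Path(exe_path)
    patch = Path(patch_path).read_bytes()
    original = exe.read_bytes()

    # The patch must overwrite in place: refuse anything that would run past
    # the end of the file, since growing it would shift or corrupt later data.
    if not patch:
        raise ValueError("patch file is empty")
    if offset < 0 or offset + len(patch) > len(original):
        raise ValueError("patch does not fit inside the executable")

    # Keep an untouched copy so the change can be reverted and diffed.
    backup = exe.with_name(exe.name + ".orig")
    if not backup.exists():
        shutil.copy2(exe, backup)

    end = offset + len(patch)
    exe.write_bytes(original[:offset] + patch + original[end:])

    # Re-read from disk and confirm that only the intended range changed.
    on_disk = exe.read_bytes()
    unchanged = on_disk[:offset] == original[:offset] and on_disk[end:] == original[end:]
    if len(on_disk) != len(original) or not unchanged:
        raise RuntimeError("bytes outside the patch range were modified")
    return original[offset:end], hashlib.sha256(on_disk).hexdigest()


if __name__ == "__main__":
    # "vulnerable.exe" is a placeholder; the page does not name the executable.
    old, digest = apply_patch("vulnerable.exe", "patch.bin")
    print(f"replaced {len(old)} bytes at {PATCH_OFFSET:#x}: {old.hex()}")
    print(f"sha256 of patched file: {digest}")
```

The returned original bytes and the SHA-256 of the patched file give a record of exactly what was changed, which is useful when the patched binary has to be distinguished from the vendor's build later.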
