Tuesday, April 12, 2005

No long names allowed.

#include <string.h>

int main(int argc, char *argv[]){
unsigned short s;
int i;
char buf[80];

if(argc < 3){
return -1;
}

i = atoi(argv[1]);
s = i;

if(s >= 80){
printf("We dont allow big names.\n");
return -1;
}

strncpy(buf, argv[2], i);
printf("%s\n", buf);
return 0;
}

After compiling, execute it following way:
$ ./a.out 81 alpha0
We dont allow big names.
$./a.out 79 alpha0
alpha0

6 comments:

rzo said...

Int overfflow ;)

$ ./x 65555 `perl -e 'print "Rzo" x 50'`
Segmentation fault

$

Cya

Alpha0 said...

Amazing.

How to avoid it?

--Alpha0

rzo said...

Hummm, maybe this way...

int main(int argc, char *argv[]){
unsigned short s;
int i;
char buf[80];

if(argc < 3){
return -1;
}

i = atoi(argv[1]);
s = i;

if(s >= 80){
printf("We dont allow big names.\n");
return -1;
}

memset(buf, '\0', sizeof(buf));
strncpy(buf, argv[2], sizeof(buf)-1);
printf("%s\n", buf);
return 0;
}

So now....

$ gcc -o x a.c
$ ./x 65550 `perl -e 'print "rzo" x 50'`
rzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzorzor
$

cya ;)

rzo said...

Alpha0 can you exploit my changes ?

cya

Alpha0 said...

Can anyone find bugs in rzo's solution?

Hey rzo,
Are you from Ring-of-fire?

#Alpha0

rzo said...

Hi Alpha0,

Yes, I'm from ROF. ;)

Cya