Secure coding: Difference between revisions

An example of a [[C (programming language)|C]] program prone to a buffer overflow is<syntaxhighlight lang="c">
#include <string.h>

#define SMALL 16

void vulnerable_function(char *large_user_input) {
    char dst[SMALL];
    // no bound: strcpy keeps writing until it reaches the NUL in the source
    strcpy(dst, large_user_input);
}
</syntaxhighlight>If the user input, including its terminating NUL byte, is longer than the destination buffer, strcpy writes past the end of dst and a buffer overflow occurs.
To fix this unsafe program, bound the copy with strncpy so it can never write past the destination buffer. Note that strncpy does not NUL-terminate the destination when the source is at least as long as the limit, so copy at most BUF_SIZE - 1 bytes and write the terminator explicitly.<syntaxhighlight lang="c">
#include <string.h>

#define BUF_SIZE 16

void secure_function(char *user_input) {
    char dst[BUF_SIZE];
    // copy a maximum of BUF_SIZE - 1 bytes, leaving room for the terminator
    strncpy(dst, user_input, BUF_SIZE - 1);
    // strncpy does not terminate when the source is too long, so do it here
    dst[BUF_SIZE - 1] = '\0';
}
</syntaxhighlight>Another secure alternative is to dynamically allocate memory on the heap using [[malloc]], sized from the length of the input.<syntaxhighlight lang="c">
#include <stdlib.h>
#include <string.h>

char *secure_copy(const char *src) {
    size_t len = strlen(src);
    char *dst = (char *) malloc(len + 1);
    if (dst != NULL) {
        strncpy(dst, src, len);
        // append null terminator
        dst[len] = '\0';
    }
    return dst;
}
</syntaxhighlight>In the above code snippet, the program copies the contents of '''''src''''' into a heap buffer '''''dst''''' that is sized to fit, and checks the return value of malloc so that a failed allocation returns NULL instead of writing through a null pointer. The caller owns the returned buffer and must release it with free.
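The following is an added example, not code from the article above, that puts the strncpy caveat and the heap-allocated copy side by side: a check showing that strncpy alone leaves the buffer unterminated when the input is too long, a bounded copy that always terminates and reports truncation, and a heap duplicate that guards the length arithmetic. BUF_SIZE, the function names and the sample input are assumptions made for the example.

```c
/* Added example (not from the original article): bounded string copies that
 * never overflow and always NUL-terminate, next to a demonstration of the
 * strncpy pitfall. BUF_SIZE, the function names and the input are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define BUF_SIZE 8

/* strncpy(dst, src, n) pads with NULs only when src is shorter than n;
 * when src is n bytes or longer, dst receives no terminator at all.
 * Returns 1 if dst ended up NUL-terminated, 0 otherwise. */
int strncpy_terminates(const char *src) {
    char dst[BUF_SIZE];
    memset(dst, 'X', sizeof dst);           /* simulate stale stack contents */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Copy src into dst[dst_size], always NUL-terminating.
 * Returns 0 on success, -1 if the input was truncated (the caller decides
 * whether truncation is acceptable or must be treated as an error). */
int safe_copy(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) return -1;
    size_t len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);              /* includes the terminator */
    return 0;
}

/* Heap copy sized from the input; guards the len + 1 wrap-around and
 * returns NULL on failure. The caller must free() the result. */
char *dup_string(const char *src) {
    size_t len = strlen(src);
    if (len == SIZE_MAX) return NULL;       /* len + 1 would wrap to 0 */
    char *dst = malloc(len + 1);
    if (dst == NULL) return NULL;
    memcpy(dst, src, len + 1);
    return dst;
}

int main(void) {
    char buf[BUF_SIZE];
    /* constructed sample input, deliberately longer than BUF_SIZE */
    const char *long_input = "this input is far longer than eight bytes";
    printf("strncpy terminated: %d\n", strncpy_terminates(long_input));
    int truncated = safe_copy(buf, sizeof buf, long_input);
    printf("safe_copy -> \"%s\" (truncated=%d)\n", buf, truncated == -1);
    char *copy = dup_string(long_input);
    if (copy != NULL) {
        printf("dup_string -> \"%s\"\n", copy);
        free(copy);
    }
    return 0;
}
```

The truncation return value is the part most often dropped in practice: silently shortening a path, a username or a command line is itself a source of logic bugs, so callers should check it rather than assume the copy was complete.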
</syntaxhighlight>
 
== Path traversal prevention ==
Path traversal is a vulnerability whereby a path supplied by an untrusted source is interpreted in a way that allows access to files outside the directory the application intended to expose.
 
For example, consider a script that fetches an article by taking a filename, which is then read by the script and [[Parse|parsed]]. Such a script might use the following hypothetical URL to retrieve an article about [[dog food]]:
<nowiki>https://www.example.net/cgi-bin/article.sh?name=dogfood.html</nowiki>
If the script has no input checking, instead trusting that the filename is always valid, a [[malicious user]] could forge a URL to retrieve configuration files from the webserver:
<nowiki>https://www.example.net/cgi-bin/article.sh?name=../../../../../etc/passwd</nowiki>
Depending on the script, this may expose the [[Passwd#Password file|/etc/passwd]] file, which on [[Unix-like]] systems contains (among others) [[User identifier (Unix)|user IDs]], their [[Username|login names]], [[home directory]] paths and [[Operating system shell|shells]]. (See [[SQL injection]] for a similar attack.)
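As an added example (not part of the article, and not the code of any real article.sh), the following C function applies a lexical check to a requested article name before it is opened, rejecting absolute paths and any .. component that would climb above the articles directory. The base directory, the function name and the sample requests are assumptions. The check operates on the decoded string, so a CGI wrapper must URL-decode the name first and reject embedded NUL bytes; it is also purely string based, so on a live server it should be paired with realpath(3) or openat(2) with O_NOFOLLOW so that a symbolic link inside the base directory cannot point elsewhere.

```c
/* Added example (not from the original article): confine a user-supplied
 * article name to a base directory by lexical normalisation. The base path,
 * function name, limits and sample requests are assumptions. Base is
 * expected without a trailing slash. */
#include <stdio.h>
#include <string.h>

#define PATH_MAX_LEN 256
#define MAX_DEPTH 64

/* Normalise `name` relative to `base` into `out`.
 * Rejects absolute paths, backslash separators, and any ".." that would
 * rise above base; "." and empty components are dropped.
 * Returns 1 if out holds a safe path, 0 if the request must be refused. */
int resolve_under_base(const char *base, const char *name,
                       char *out, size_t out_size) {
    if (name[0] == '/') return 0;             /* absolute paths never allowed */
    if (strchr(name, '\\') != NULL) return 0; /* no alternate separators */

    size_t starts[MAX_DEPTH];                 /* offset of each '/' written */
    size_t depth = 0;
    size_t base_len = strlen(base);
    if (base_len + 1 >= out_size) return 0;
    memcpy(out, base, base_len);
    size_t pos = base_len;

    const char *p = name;
    while (*p != '\0') {
        const char *end = strchr(p, '/');
        size_t clen = end ? (size_t)(end - p) : strlen(p);
        if (clen == 0 || (clen == 1 && p[0] == '.')) {
            /* empty or "." component: no effect on the path */
        } else if (clen == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0) return 0;         /* would escape the base directory */
            pos = starts[--depth];            /* drop the previous component */
        } else {
            if (depth == MAX_DEPTH) return 0;
            if (pos + 1 + clen + 1 > out_size) return 0; /* '/' + name + NUL */
            starts[depth++] = pos;
            out[pos++] = '/';
            memcpy(out + pos, p, clen);
            pos += clen;
        }
        if (end == NULL) break;
        p = end + 1;
    }
    if (depth == 0) return 0;                 /* must name a file, not base itself */
    out[pos] = '\0';
    return 1;
}

int main(void) {
    /* constructed sample requests, mirroring the two URLs in the text */
    const char *requests[] = { "dogfood.html", "../../../../../etc/passwd" };
    char out[PATH_MAX_LEN];
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        if (resolve_under_base("/srv/articles", requests[i], out, sizeof out))
            printf("%-28s -> %s\n", requests[i], out);
        else
            printf("%-28s -> rejected\n", requests[i]);
    }
    return 0;
}
```

Refusing the request outright, rather than stripping the offending components and serving whatever remains, is deliberate: a sanitiser that quietly rewrites "....//" into ".." is a classic way for this check to be bypassed.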