char *getdata(char *str)
{
char buffer[200];
sprintf( buffer, "We are here %s", str );
return (str);
}
Can one call this function and use the buffer returned or is this illegal ?
Regards,
-chip
15  1390 
chip wrote: Can one call this function and use the buffer returned or is this
illegal ?
Very, very illegal. This is one of the many ways you can blow your leg off
in C/C++.
--
gabriel
"chip" <no****@hotmail.com> wrote in message
news:yQ*****************@news2.e.nsc.no... char *getdata(char *str)
{
char buffer[200];
sprintf( buffer, "We are here %s", str );
return (str);
}
Can one call this function and use the buffer returned or is this illegal
?
This stores in "buffer" and you're code is horribly insecure too. You could
use
char *getdata(const char *str)
{
static char buffer[200];
memset(buffer, 0, sizeof(buffer));
strncpy(buffer, "We are here ", sizeof(buffer)-1);
strncat(buffer, str, sizeof(buffer)-1);
return buffer;
}
Except this is not thread safe [e.g. two threads that call this will munge
the function return value.
Tom
Tom St Denis wrote: "chip" <no****@hotmail.com> wrote in message
news:yQ*****************@news2.e.nsc.no...
char *getdata(char *str)
{
char buffer[200];
sprintf( buffer, "We are here %s", str );
return (str);
}
Can one call this function and use the buffer returned or is this illegal
?
This stores in "buffer" and you're code is horribly insecure too. You could
use
char *getdata(const char *str)
{
static char buffer[200];
memset(buffer, 0, sizeof(buffer));
Why ?
strncpy(buffer, "We are here ", sizeof(buffer)-1);
Why not just use strcpy() ? strncat(buffer, str, sizeof(buffer)-1);
Bug. What if strlen(str) > sizeof(buffer) - 1 - strlen("We are here ") ?
return buffer;
}
Except this is not thread safe [e.g. two threads that call this will munge
the function return value.
Bjørn
PS: The original version was thread safe ;-)
--
The worlds fastest web server is now available
at http://highlander.metasystems.no:2000. Enjoy!
Tom St Denis wrote: Except this is not thread safe [e.g. two threads that call this will
munge the function return value.
Nor will it work if he does something like:
char *a = GetData("Whatever1");
char *b = GetData("Whatever2");
Then a will lose its value on the second call.
Given that the OP is asking this question, I would guess that he would go
on to make teh above successino of calls and run into trouble there.
What the OP needs to do, IMHO, is read up and fully understand how C memory
management works.
--
gabriel
chip wrote: char *getdata(char *str)
{
char buffer[200];
sprintf( buffer, "We are here %s", str );
return (str);
}
Can one call this function and use the buffer returned or is this illegal
?
Returning str from this function is perfectly acceptable. I'm not sure why
"gabriel" thought otherwise. Returning buffer from this function would very
definitely not be acceptable, since you'd be returning a pointer to an
automatic object which would no longer exist by the time that pointer value
could be inspected.
Incidentally, your code doesn't check that the data you provide will fit in
the buffer.
--
Richard Heathfield : bi****@eton.powernet.co.uk
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton
"gabriel" <no@no--spam.com> wrote in message
news:2a***************************@msgid.meganewss ervers.com... Tom St Denis wrote:
Except this is not thread safe [e.g. two threads that call this will
munge the function return value.
Nor will it work if he does something like:
char *a = GetData("Whatever1");
char *b = GetData("Whatever2");
Then a will lose its value on the second call.
Given that the OP is asking this question, I would guess that he would go
on to make teh above successino of calls and run into trouble there.
What the OP needs to do, IMHO, is read up and fully understand how C
memory management works.
That's a big 10-4.
Tom
Richard Heathfield wrote: Returning str from this function is perfectly acceptable. I'm not sure
why "gabriel" thought otherwise. Returning buffer from this function
would very definitely not be acceptable, since you'd be returning a
pointer to an automatic object which would no longer exist by the time
that pointer value could be inspected.
I thoroughly apologize, I read too fast. I could have sworn I saw return
(buffer).
--
gabriel
gabriel wrote: Very, very illegal. This is one of the many ways you can blow your
leg off in C/C++.
Disregard this reply from me. I'm an idiot and did not read your code
correctly.
--
gabriel
"chip" <no****@hotmail.com> wrote in message
news:yQ*****************@news2.e.nsc.no... char *getdata(char *str)
{
char buffer[200];
sprintf( buffer, "We are here %s", str );
return (str);
you are returning str
}
Can one call this function and use the buffer returned or is this illegal
?
as is - yes it is legal to use the return value of the function - assuming
it was legal to use the value passed in as str
now, if you meant to return buffer, then yes it is 'illegal' to use the
return value - after returning from getdata.
Tom St Denis wrote:
"chip" <no****@hotmail.com> wrote in message
news:yQ*****************@news2.e.nsc.no... char *getdata(char *str)
{
char buffer[200];
sprintf( buffer, "We are here %s", str );
return (str);
}
Can one call this function and use the buffer returned or is this illegal ?
This stores in "buffer" and you're code is horribly insecure too. You
could use
char *getdata(const char *str)
{
static char buffer[200];
memset(buffer, 0, sizeof(buffer));
strncpy(buffer, "We are here ", sizeof(buffer)-1);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ strncat(buffer, str, sizeof(buffer)-1);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
And your code is super-secure?
return buffer;
}
Except this is not thread safe [e.g. two threads that call this will munge
the function return value.
It is braindead and useless as well. (Taste of your own medicine. If it
doesn't kill you, it might make you stronger).
-nrk.
Tom
--
Remove devnull for email
"nrk" <ra*********@devnull.verizon.net> wrote in message
news:fh******************@nwrddc02.gnilink.net... Tom St Denis wrote:
"chip" <no****@hotmail.com> wrote in message
news:yQ*****************@news2.e.nsc.no... char *getdata(char *str)
{
char buffer[200];
sprintf( buffer, "We are here %s", str );
return (str);
}
Can one call this function and use the buffer returned or is this
illegal ?
This stores in "buffer" and you're code is horribly insecure too. You
could use
char *getdata(const char *str)
{
static char buffer[200];
memset(buffer, 0, sizeof(buffer));
strncpy(buffer, "We are here ", sizeof(buffer)-1);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ strncat(buffer, str, sizeof(buffer)-1);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
And your code is super-secure?
What is wrong with my function calls? I only allow upto size-1 bytes and I
memset before [all nulls]. As far as I can tell you can't overflow buffer
unless you have a buggy libc.
However, if I did make a real mistake please share it.
Tom
"Tom St Denis" <to********@iahu.ca> wrote in message
news:em*********************@news01.bloor.is.net.c able.rogers.com...
"nrk" <ra*********@devnull.verizon.net> wrote in message
news:fh******************@nwrddc02.gnilink.net... Tom St Denis wrote:
"chip" <no****@hotmail.com> wrote in message
news:yQ*****************@news2.e.nsc.no...
> char *getdata(char *str)
> {
> char buffer[200];
> sprintf( buffer, "We are here %s", str );
> return (str);
> }
>
> Can one call this function and use the buffer returned or is this illegal ?
This stores in "buffer" and you're code is horribly insecure too. You
could use
char *getdata(const char *str)
{
static char buffer[200];
memset(buffer, 0, sizeof(buffer));
strncpy(buffer, "We are here ", sizeof(buffer)-1); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ strncat(buffer, str, sizeof(buffer)-1);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
And your code is super-secure?
What is wrong with my function calls? I only allow upto size-1 bytes and
I memset before [all nulls]. As far as I can tell you can't overflow buffer
unless you have a buggy libc.
However, if I did make a real mistake please share it.
Foot mouth...
sizeof(buffer) - strlen(buffer) - 1
should be the right argument.
Teach me to post during an opsys class..
Tom
[P.S. Sorry peeps.]
In <yQ*****************@news2.e.nsc.no> "chip" <no****@hotmail.com> writes: char *getdata(char *str)
{
char buffer[200];
sprintf( buffer, "We are here %s", str );
return (str);
}
Can one call this function and use the buffer returned or is this illegal ?
Nothing illegal here, provided that the input string is small enough not
to cause a buffer overrun. But your function is pefectly useless, because
the buffer goes aways as soon as you return from it.
If you intended to return buffer instead of str, the caller would get
an indeterminate and useless pointer value, because the lifetime of the
automatically allocated buffer expires at the end of the function.
A working version would be:
char *getdata(char *str)
{
static char buffer[200];
sprintf(buffer, "We are here %s", str);
return buffer;
}
but this has its specific caveats and has to be carefully used. Consider:
printf("%s ||| %s\n", getdata("foo"), getdata("bar"));
Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: Da*****@ifh.de
Richard Heathfield wrote: chip wrote:
char *getdata(char *str)
{
char buffer[200];
sprintf( buffer, "We are here %s", str );
return (str);
}
Returning str from this function is perfectly acceptable. I'm not
sure why "gabriel" thought otherwise. Returning buffer from this
function would very definitely not be acceptable, since you'd be
returning a pointer to an automatic object which would no longer
exist by the time that pointer value could be inspected.
Incidentally, your code doesn't check that the data you provide
will fit in the buffer.
AFAICS the code serves two purposes:
1. To excite Tom into a mouth frothing frenzy.
2. To function as a NOP until strlen(str) exceeds roughly 200,
and then to serve as an exploitable security leak. Notice the sly
way it returns the base address of the injected code. In normal
use it could be called "validate" and likely escape peer review in
usage. A macro in the source file of the form "#define getdata
validate" will look innocuous (sp?) and further obscure the
interactions.
Suggested usage:
if (!validate(somestring)) {
/* code only reached for somestring==NULL */
}
Color me Machiavellian.
--
Chuck F (cb********@yahoo.com) (cb********@worldnet.att.net)
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net> USE worldnet address!
"chip" <no****@hotmail.com> writes: char *getdata(char *str)
{
char buffer[200];
sprintf( buffer, "We are here %s", str );
return (str);
}
Can one call this function and use the buffer returned or is this illegal ?
Note that "the buffer returned" is not the object declared as
"buffer". I think that's the wording that confused a lot of people.
It looks ok as long as str is a valid pointer to a string that isn't
too long.
I presume this is a fragment of a larger function that actually does
something useful. As it is, you copy characters into "buffer", but
you never refer to it. The declaration of "buffer" and the call to
sprintf could be deleted without affecting the visible behavior of the
function (other than avoiding undefined behavior in some cases).
(A very minor point: the parentheses on the return statement are
harmless but unnecessary.)
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://www.sdsc.edu/~kst>
Schroedinger does Shakespeare: "To be *and* not to be" This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Greg Scharlemann |
last post by:
I have set up Apache Axis with a Resin server. Everything seems to be
set up correctly, axis will validate if I display the
http://axis.scharlemann.com/axis/happyaxis.jsp file. However when I...
|
by: qwejohn |
last post by:
Hello,
I had posted this question in the twisted mailing list but did not
got a solution ; I hope that the python Gurus of this forum can help me
a bit.
I am trying the exmaple in the python...
|
by: Alex Vinokur |
last post by:
=========================================
Windows 2000
CYGWIN_NT-5.0 1.3.22(0.78/3/2)
GNU gcc version 3.2 20020927 (prerelease)
=========================================
Here is some program...
|
by: Anandan |
last post by:
Hi,
This is regarding Dataset Filter:
WILDCARD CHARACTERS
Both the * and % can be used interchangeably for wildcards in a LIKE
comparison. If the string in a LIKE clause contains a * or %,...
|
by: Larry Lard |
last post by:
Today I discovered that a syntax that I thought was forbidden in C# but
allowed in VB.NET (and I _don't like_ that it's allowed in VB.NET) is
actually allowed in C#. Which confused me. The syntax...
|
by: Bill Fallon |
last post by:
I have a VS2005 VB.Net windows form application deployed to a share drive.
The windows explorer security permissions for this application (.exe) file
is set for Everyone with List Folder/Read Data...
|
by: haijin.biz |
last post by:
I tried the following code and found that the form
#include <iostream>
using namespace std;
int main(int argc, char** argv)
{
//int a; // error C2466: cannot allocate an array of constant...
|
by: Markus |
last post by:
Hi
My ISP seems to have made a PHP version upgrade - without any change in
the code, a new error occurs:
PHP Warning: ftp_nlist() : open_basedir restriction
in effect. File(/var/tmp/) is not...
|
by: Abandoned |
last post by:
Hi..
I want to delete all now allowed characters in my text.
I use this function:
def clear(s1=""):
if s1:
allowed =
s1 = "".join(ch for ch in s1 if ch in allowed)
return s1
|
by: dspfun |
last post by:
Hi!
Are suffixes allowed on expressions?
For example, is the following allowed:
#define SECONDS_PER_YEAR (60 * 60 * 365) UL
I found this in a C test at...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
