Usage of scanf to prevent buffer overflow...

wrote:

Hi all...this is a great forum,
In one of my posts, someone tell me that is more secure use input function with 'A field-width specifier'...
So my question, which function i should use ?.
"scanf("%s",start->acNome);"

guarantee for hackers to kontaminate your mashine with >>viruses of

any kind. Don't use scanf or buffer overflow >>ruins your mashine.

Best regards..all..and have a nice day(scholastic phrase :-)))....

The general convention is to use fgets rather than scanf to enter
strings.
--
ISA

wrote:

Hi all...this is a great forum,
In one of my posts,
someone tell me that is more secure use input function
with 'A field-width specifier'...
So my question, which function i should use ?.

"scanf("%s",start->acNome);"

scanf is fine for string input, and easy,
once you've seen how it's done.
In new.c, input characters beyond LENGTH, will be discarded.
rc can be assigned a value of EOF or 0 or 1.
If rc equals 1, then you have a string in 'array'.
If rc equals 0, then the line which was read,
only had a newline character,
and there is not guaranteed to be a string in 'array'.
If rc equals EOF, then you have an input failure occuring
before any conversion,
and there is not guaranteed to be a string in 'array'.

/* BEGIN new.c */

#include <stdio.h>

#define LENGTH 100
#define str(x) # x
#define xstr(x) str(x)

int main(void)
{
int rc;
char array[LENGTH + 1];

fputs("Enter any string: ", stdout);
fflush(stdout);
rc = scanf("%" xstr(LENGTH) "[^\n]%*[^\n]", array);
if (!feof(stdin)) {
getchar();
}
while (rc == 1) {
printf("Your string was %s\n", array);
fputs("Enter any string to continue, "
"or just hit the Enter key to end the program: ",
stdout);
fflush(stdout);
rc = scanf("%" xstr(LENGTH) "[^\n]%*[^\n]", array);
if (!feof(stdin)) {
getchar();
}
}
return 0;
}

/* END new.c */

--
pete

"" <> wrote:

Hi all...this is a great forum,
In one of my posts, someone tell me that is more secure use input function
with 'A field-width specifier'...
Not just _more_ secure; using a field width specifier is the _only_
secure input choice. Well, there's fgetc() and related functions, but
you can think of them as having a built-in, unchangeable field width
specifier of 1.
So my question, which function i should use ?.
Any but gets(), _but_ use them correctly.
"scanf("%s",start->acNome);"

guarantee for hackers to kontaminate your mashine with >>viruses of any

kind. Don't use scanf or buffer overflow >>ruins your mashine.

That's too strong. scanf() _as used above_ is guarantee to get you a
buffer overflow problem one happy day. scanf() is no problem when used
correctly, i.e., _with_ a field specifier. For example, if start->acNome
is 20 chars long, scanf("%19s", start->acNome); is safe.

I'd advise against scanf(), but only because it is tricky to use
correctly with any except predictable-width data, and %s does not do
what most newbies think it does. fgets() is much easier to use, and has
the advantage that it _requires_, not just allows, you to specify a
maximum input width.

Richard

Thanks all, but i've problem to understand use of operator '#' in the
input.c example from pete.
I know that '#' it's used to make a conversion in a string but why i must
use two define rather then one ?.

this work correctly:

#define str(x) # x
#define xstr(x) str(x)

rc=scanf("%" xstr(LENGTH) "[^\n]%*[^\n]", array);

...but if i put only one define:
#define xstr(x) # x...this don't works.

Sorry for my question..:-)

Thanks all, but i've problem to understand use of operator '#' in the
input.c example from pete.
I know that '#' it's used to make a conversion in a string but why i must
use two define rather then one ?.

this work correctly:

#define str(x) # x
#define xstr(x) str(x)

rc=scanf("%" xstr(LENGTH) "[^\n]%*[^\n]", array);

...but if i put only one define:
#define xstr(x) # x...this don't works.

Sorry for my question..:-)

Now i know why macro define is call two times..the first
make the substitution of the 'LENGTH' define value and the second
concatenate...
But now, why i can't use:

#define explode_macro(x) #x

int main....
char acMessage[10+1];

This macro below has an undefined behavior.

printf("%%"expolde_macro(10)"s");

If i miss one of the two '%' i can't see anything.
But if i place two i can see correctly:

$10s....

so, once execute the scanf:

scanf("%%"expolde_macro(10)"s",acMessage);

when i print out the value of acMessage i receive only
garbage....

Why ???

Hi another...:-)

In <10**********************@c13g2000cwb.googlegroups .com> "Minti" <mi************@yahoo.com> writes:

wrote:

Hi all...this is a great forum,
In one of my posts, someone tell me that is more secure use input

function

with 'A field-width specifier'...
So my question, which function i should use ?.
"scanf("%s",start->acNome);"

>>guarantee for hackers to kontaminate your mashine with >>viruses of

any

kind. Don't use scanf or buffer overflow >>ruins your mashine.

Best regards..all..and have a nice day(scholastic phrase :-)))....

The general convention is to use fgets rather than scanf to enter
strings.

There is no such general convention that I'm aware of. scanf is far
better for this job than fgets. It could have been even better if it
had the printf * feature, but this can be worked around in the rare cases
when it's *really* needed.

Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: Da*****@ifh.de
Currently looking for a job in the European Union

On Wed, 20 Oct 2004 11:31:21 -0400, "lasek" <cl**************@acrm.it>
wrote:

Thanks all, but i've problem to understand use of operator '#' in the
input.c example from pete.
I know that '#' it's used to make a conversion in a string but why i must
use two define rather then one ?.

this work correctly:

#define str(x) # x
#define xstr(x) str(x)

rc=scanf("%" xstr(LENGTH) "[^\n]%*[^\n]", array);

..but if i put only one define:
#define xstr(x) # x...this don't works.

Sorry for my question..:-)

This has been explained before (you can search the archives at
www.google.com) but the explanation can be complicated for someone,
like us, not intimately familiar with the details of the standard,
sort of like quantum mechanics.

An easier approach is to run some samples through your compiler with
the options set so you can review the output of the pre-processor. In
this way you can see what is generated for each of the constructs you
code and why one approach works and another doesn't. Try it with both
numeric constants and #define names.
<<Remove the del for email>>

On Wed, 20 Oct 2004 11:31:21 -0400, "lasek" <cl**************@acrm.it>
wrote:

Thanks all, but i've problem to understand use of operator '#' in the
input.c example from pete.
I know that '#' it's used to make a conversion in a string but why i must
use two define rather then one ?.

FAQ 11.17, at the usual places and
http://www.eskimo.com/~scs/C-faq/top.html

- David.Thompson1 at worldnet.att.net

You must be careful with one thing if using scanf() - This function
considers a space character (ASCII-32) as a null character (ASCII-00)
and terminates the string if a space is encountered. I have noticed
this behaviour on a old 16-bit Borland Turbo C 2.0 Compiler. This may
not be the case with the newer compilers. I always prefer using gets()
in the compilers of that era.

On 1 Nov 2004 10:58:05 -0800
dh********@gmail.com (Dhruv Ahuja) wrote:

Please include some context so we know what the hell you are replying
to.

You must be careful with one thing if using scanf() - This function
considers a space character (ASCII-32) as a null character (ASCII-00)
No, it definitely does NOT. Firstly the system may not use ASCII (not
all systems do) and secondly, assuming you are talking about the %s
format specifier, that is defined by the standard as terminating at the
first white space character.
and terminates the string if a space is encountered. I have noticed
this behaviour on a old 16-bit Borland Turbo C 2.0 Compiler.
That does not mean it treats a space as a null character. It just means
that it is doing the right things according to the specification of the
function.
This may
not be the case with the newer compilers. I always prefer using gets()
in the compilers of that era.

NO. DON'T DO THIS. EVER.

I suggest you actually learn about things before giving advice on them.
A good start would be reading the FAQ for comp.lang.c which explains why
you should never use gets, also reading K&R and doing the exercises
would be a good idea.
--
Flash Gordon
Sometimes I think shooting would be far too good for some people.
Although my email address says spam, it is real and I read it.