Thread: command line inputs causing strange errors, what's going on?

  1. #1
    Registered User
    Join Date
    Jun 2011
    Posts
    30

    command line inputs causing strange errors, what's going on?

    This a piece that takes 3 input parameters from command line on startup (besides the app name that makes it 4 parameters).

    The code works like it should most of the times, take a look at it and I present the cases when it does not work after it:

    Code:
    #include <stdio.h>
    
    //----------------------------------------------------------------
    // Source file for CMDCalutator.exe, a basic calculator.
    // Use it by typing:
    //     "calculator <ar op> <int> <int>" in the command promt
    // where <ar op> stands for aritmetic operation +, -, * and /
    //----------------------------------------------------------------
    int main(int argc, char *argv[]) {
    
        printf ("%s\n", argv[1]);
        printf ("%d\n", atoi(argv[2]));
        printf ("%d\n", atoi(argv[3]));
    }
    Case one, following input makes the app crash. Mind the fact that the numbers could be any integer number:

    Code:
    CMDCalculator & 432 446
    And following input gives an unexpected output

    Code:
    CMDCalculator * 432 446
    output:

    Code:
    .git
    0
    0
    Once again, the integer numbers do not seem to matter. Also if I put a character in front of either & or *, I get the expected outputs.

    However, if I put a char after & I still get error and if I put a char after * (like *b) I get the name of a file in the current directory in case there is a file that ends with that char. For example:

    For *b I get "keylogger.idb", for *c i get "better.c", for *e i get "better.exe" and so it goes on for the letters where there is a file that has a name who ends with the character following *. For the others I get the expected output.

    Would someone like to explain why this happens? And how do you protect yourself against this? Cause I expect it can be used to make an exploit?

  2. #2
    Registered User
    Join Date
    Dec 2007
    Posts
    2,675
    Assuming a *nix-like system, * and & have particular meaning to the shell (glob and send task to background). You will need to escape these.

    keylogger.idb

  3. #3
    Registered User
    Join Date
    Jun 2011
    Posts
    30
    Sorry, I forgot that extremly basic info. It is Windows 7 Ultimate 64 bits. Sure, escaping them will bypass the function. Would you like to explain for what actually happens?

  4. #4
    and the Hat of Guessing tabstop's Avatar
    Join Date
    Nov 2007
    Posts
    14,336
    Explain what actually happens about what? I'm not entirely sure what & does in the windows shell. But (depending on your compiler) the shell may or may not expand * before your program even sees it. (The mingw port of gcc, and I believe cygwin as well, set things up for shell expansion; the MSVS has a setting to go either way.) (ETA: The thread as mentioned is here. And as mentioned in that thread, typing "cmd /?" at your command prompt will, eventually, after many many screens of help, tell you which characters must be quoted.)
    Last edited by tabstop; 07-11-2011 at 04:54 PM.

  5. #5
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    Code:
    int main(int argc, char *argv[]) {
    
        printf ("%s\n", argv[1]);
        printf ("%d\n", atoi(argv[2]));
        printf ("%d\n", atoi(argv[3]));
    }
    Instead of assuming there are as many arguments as you expect, why don't you just print them out:
    Code:
    for( x = 0; x < argc; x++ )
        printf( "%s\n", argv[ x ] );
    When in doubt, try it for yourself.


    Quzah.
    Hope is the first step on the road to disappointment.

  6. #6
    Registered User
    Join Date
    Jun 2011
    Posts
    30
    It is 4 arguments, I printed them before. Just didnt want to put that piece there.

    tabstop: I use MinGW compiler. I think this is the keypoint:
    The mingw port of gcc, and I believe cygwin as well, set things up for shell expansion
    .

    What does that mean? Could this be use for exploits if the characters are not correctly escaped?

  7. #7
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    Quote Originally Posted by Hear.Me.ROAR View Post
    It is 4 arguments, I printed them before. Just didnt want to put that piece there.
    So what's your problem then? If you are getting four different arguments, and one of them is your *, then why can't you figure out how to make it work?

    So what is it you really see when you give it & or *? You aren't telling us what is really happening. You aren't showing us what you are really getting.

    Why are you passing it & anyway? That's described as a valid argument.


    Quzah.
    Last edited by quzah; 07-11-2011 at 05:16 PM.
    Hope is the first step on the road to disappointment.

  8. #8
    and the Hat of Guessing tabstop's Avatar
    Join Date
    Nov 2007
    Posts
    14,336
    Quote Originally Posted by Hear.Me.ROAR View Post
    Could this be use for exploits if the characters are not correctly escaped?
    No. (Or at the very least it's really easy to get command-line arguments right -- after all, if the expansion does happen, you will almost surely not get the right number or types of arguments, so any normal program will just stop.) And for that matter, any programmer actually writing a program that uses command-line arguments is going to expect wildcard expansion anyway, so it's pretty moot.

  9. #9
    Registered User
    Join Date
    Jun 2011
    Posts
    30
    quzah: I tell exactly, no telling is good enough if you dont read the post. It was never about wrong number of arguments. Read it again.

  10. #10
    Registered User
    Join Date
    Jun 2011
    Posts
    30
    tabstop: Alright. But as it happens I get the right number of arguments, just a file-name instead of the second parameter (including file name) if that parameter is * followed by a character who happens be the last character of a file in the current directory.

    What does wildcard expansion mean?

  11. #11
    and the Hat of Guessing tabstop's Avatar
    Join Date
    Nov 2007
    Posts
    14,336
    Quote Originally Posted by Hear.Me.ROAR View Post
    What does wildcard expansion mean?
    So, have you ever used a computer before?

    For many commands, it would be tiresome to list all the files that you want that command to affect (for instance, in the case of dir, the whole point is to find out what files are there). So you can type "dir *.*" to list all the files in that directory, or "dir *.c" to list all the files with a .c extension, or "rm fy9?budget.xls" to get rid of all the budgets from the nineties.

    If you are only getting one filename, that must mean there's only one file that matches, and that's not a state of affairs that will last very long (e.g. if you have two C files, then *c will match (at least) two files).

  12. #12
    Registered User
    Join Date
    Jun 2011
    Posts
    30
    When I have two files that match, it pick the first one in alphabetic order. But what I wonder is, why wont I just get my character as it is? Is * threatened differently, as a way to communicate with the shell on the go?

  13. #13
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    Quote Originally Posted by tabstop View Post
    So, have you ever used a computer before?
    I would be surprised if the percentage of people that have used a computer in the past decade, that have used a command line, broke the single digit range.


    Quzah.
    Hope is the first step on the road to disappointment.

  14. #14
    and the Hat of Guessing tabstop's Avatar
    Join Date
    Nov 2007
    Posts
    14,336
    Quote Originally Posted by Hear.Me.ROAR View Post
    When I have two files that match, it pick the first one in alphabetic order. But what I wonder is, why wont I just get my character as it is? Is * threatened differently, as a way to communicate with the shell on the go?
    Are you sure? Are you really really really really sure? Print out argc and all your argv's and see. I'll bet you see them all.

    Quote Originally Posted by quzah View Post
    I would be surprised if the percentage of people that have used a computer in the past decade, that have used a command line, broke the single digit range.


    Quzah.
    This is probably true, alas. I was going to say something about all the Linux users in the world, but I wonder how many of them use CLI even.

  15. #15
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    Quote Originally Posted by Hear.Me.ROAR View Post
    tabstop: Alright. But as it happens I get the right number of arguments, just a file-name instead of the second parameter (including file name) if that parameter is * followed by a character who happens be the last character of a file in the current directory.

    What does wildcard expansion mean?
    Type WIN+R in the Run dialog type CMD and click OK... now type cmd /? and start reading...
    The guys are steering you in the right direction.

    If you put a * on your command line it will be replaced by the first filename it finds.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. C++ templated function causing linking errors
    By coder123321 in forum C++ Programming
    Replies: 7
    Last Post: 11-18-2010, 11:38 AM
  2. copy constructor causing errors
    By yahn in forum C++ Programming
    Replies: 3
    Last Post: 12-23-2005, 02:11 PM
  3. Taking inputs at Command Line
    By Stephenf in forum C++ Programming
    Replies: 1
    Last Post: 09-28-2005, 02:33 AM
  4. Header inclusion causing errors
    By cjschw in forum C++ Programming
    Replies: 12
    Last Post: 08-11-2004, 03:48 PM
  5. question about .net to 6.0 change causing errors
    By jverkoey in forum C++ Programming
    Replies: 17
    Last Post: 03-23-2004, 10:45 AM