-
Examine Code
I am good at coding and stuff, so can anyone please help me find 1) some vulnerability of class/type, 2) the exact cause of the problem, 3) how to fix the code to mitigate the vulnerability?
Code:
int get_stuff()
{ int ran1, ran2;
char stuff[64];
ran2 = ran1 = rand(); /* get a random number */
gets(stuff);
if (ran1 != ran2)
exit(); /* something wrong */
else
/* proceed */
}
-
If you're "good at coding", then you should really know about the gets() flaws already, and how to fix them.
Or at least be able to read about it in pretty much any C programming FAQ around the net.
-
@salem - sorry, that's my typo mistake, I meant to say I'm not good at programming. Can you help me with this code?
-
1) "get_stuff" is a terrible function name
2) variables should be declared on their own lines
3) variables should be initialised
4) Nothing should go on the same line after a curly brace
5) As mentioned gets is a big no-no
6) You're using C++ style comments
7) Always use braces with if statements
8) Don't exit from functions, especially when they have a return variable
9) Always return something unconditionally from a function that has a return value
10) Indent your code properly
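
Added example, not part of any poster's reply: one way to make the fix asked about in the question, replacing the unbounded gets(stuff) with a bounded read into the same 64-byte buffer that also reports input that did not fit. The names read_line, demo_fill and demo_buf are chosen for this illustration, and the input lines are constructed.

```c
#include <stdio.h>
#include <string.h>

#define STUFF_SIZE 64                 /* same size as stuff[] in the posted code */

/* Bounded replacement for gets(stuff): stores at most size-1 characters.
 * Returns 0 if a whole line was stored, -1 on EOF or error, -2 if the line
 * did not fit (the excess is discarded so it cannot spill into a later read). */
int read_line(FILE *in, char *buf, size_t size)
{
    size_t len, discarded = 0;
    int ch;
    if (buf == NULL || size < 2 || fgets(buf, (int)size, in) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* strip the newline fgets keeps */
        return 0;
    }
    /* No newline stored: either the input ended or the buffer filled up. */
    while ((ch = fgetc(in)) != EOF && ch != '\n')
        discarded++;
    return discarded == 0 ? 0 : -2;
}

static char demo_buf[STUFF_SIZE];     /* demo state for this example only */

/* Constructed input: a line of n 'A' characters plus newline, via a temp file. */
int demo_fill(size_t n)
{
    FILE *f = tmpfile();
    int rc;
    if (f == NULL)
        return -1;
    while (n-- > 0)
        fputc('A', f);
    fputc('\n', f);
    rewind(f);
    rc = read_line(f, demo_buf, sizeof demo_buf);
    fclose(f);
    return rc;
}

int main(void)
{
    printf("10:%d 63:%d 64:%d\n", demo_fill(10), demo_fill(63), demo_fill(64));
    return 0;
}
```

A caller should treat -2 as a rejected input rather than continue with the truncated contents of the buffer.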