i have problem with my code...

This is a discussion on i have problem with my code... within the C Programming forums, part of the General Programming Boards category; Hello, I have written a small password program but was told that it is insecure and that a buffer overflow ...

  1. #1
    Registered User
    Join Date
    Feb 2005
    Posts
    3

    i have problem with my code...

    Hello,

    I have written a small password program but was told that it is insecure and that a buffer overflow could be executed with it.
    I have tried to secure it by using help I found on this site.

    The problem occurs only when I enter the wrong username and correct password. The out put is like this:
    C:\Dev-Cpp\jayton>pass4

    Username: root //correct username

    Password: toor //correct password

    Welcome

    C:\Dev-Cpp\jayton>pass4

    Username: flag //wrong username
    toor //does'nt ask for password, this is the correct password

    Welcome

    Code:
    /***** code starts here ******/
    //pass5.c    
    // http://faq.cprogramming.com/cgi-bin/smartfaq.cgi?answer=1057537653&id=1043284385
    
    
    #include <stdio.h> 
    #include <string.h> 
    
    int main(void)
    {
      char user1[] = "root";
      char user2[6];
      char pass1[] = "toor";
      char pass2[6];  
      char *p = strchr(user2, '\n');
      char *p2 = strchr(pass2, '\n');
      
      printf ("\nUsername: ");
      fflush(stdout);
      if (fgets(user2, sizeof(user2), stdin))
      {
             if (p) *p = '\0';
        
        printf ("\nPassword: "); 
        fflush(stdout);
        if (fgets(pass2, sizeof(pass2), stdin))
      {
    
         // printf ("\nyou entered %s as your username\n", user2); // uncomment this for testing purposes.
         
        if (p2) *p2 = '\0';
        if (strcmp(user1, user2) == 0)
        if (strcmp(pass1, pass2) == 0)
          printf ("\nWelcome!\n", user1);
    
        else
          printf ("\nInvalid username and/or password!\n");
      }}
      
      return 0;
    }
    
    
    /***** code ends here *****/
    thanks in advance,
    Jayton

  2. #2
    Code Goddess Prelude's Avatar
    Join Date
    Sep 2001
    Posts
    9,796
    Your logic seems to be flawed with the if statements. Remember that without braces, an else clause will always bind to the nearest if clause. But the biggest problem is that you call strchr on uninitialized arrays:
    Code:
    #include <stdio.h> 
    #include <string.h> 
    
    int main(void)
    {
      char user1[] = "root";
      char user2[6];
      char pass1[] = "toor";
      char pass2[6];  
    
      printf ("\nUsername: ");
      fflush(stdout);
      if (fgets(user2, sizeof(user2), stdin))
      {
        char *p = strchr(user2, '\n');
        if (p) *p = '\0';
    
        printf ("\nPassword: "); 
        fflush(stdout);
        if (fgets(pass2, sizeof(pass2), stdin))
        {
          char *p2 = strchr(pass2, '\n');
          if (p2) *p2 = '\0';
          if (strcmp(user1, user2) == 0) {
            if (strcmp(pass1, pass2) == 0)
              printf ("\nWelcome!\n", user1);
          }
          else
            printf ("\nInvalid username and/or password!\n");
        }
      }
    
      return 0;
    }
    [edit]
    By the way, toor is a really bad password. Especially for a user named root.
    [/edit]
    Last edited by Prelude; 02-14-2005 at 12:38 PM.
    My best code is written with the delete key.

  3. #3
    Registered User
    Join Date
    Feb 2005
    Posts
    3
    Thanks for getting back,

    Good point, I have recompiled the code you posted and ran the program and found that when you enter the username correct and password wrong it does not print "Invalid and/or password!" Now does this mean that the program aborted for some reason or is not parsing the data correctly or skipping the last printf statement?

    The username/password do not matter as they can be changed to suit the needs of the user implementing the program.

  4. #4
    Code Goddess Prelude's Avatar
    Join Date
    Sep 2001
    Posts
    9,796
    >Now does this mean that the program aborted for some reason or is not parsing
    It means I forgot to add all of the code I meant to. If you print the error for the outer if statement then nothing will be printed if the password is incorrect. If you print the error for the inner if statement then nothing will be printed if the user name is incorrect. So you need to print the error for both:
    Code:
    if (strcmp(user1, user2) == 0) {
      if (strcmp(pass1, pass2) == 0)
        printf ("\nWelcome!\n", user1);
      else
        printf ("\nInvalid username and/or password!\n");
    }
    else
      printf ("\nInvalid username and/or password!\n");
    My best code is written with the delete key.

  5. #5
    Registered User
    Join Date
    Feb 2005
    Posts
    3

    is this buffer-overflow free?

    Hello,
    I've added comments and used strncmp instead of strcmp, the thing I want to know is if this program is buffer-overflow free?

    Also does anyone know how to test if my programs are at risk of being exploited? or do you know of a website that discusses this?

    Code:
    #include <stdio.h> 
    #include <string.h> 
    //#include <signal.h>  //uncomment this to disable ctrl-c on UNIX type systems, but ctrl-z will still work.
    
    int main(void)
    {
      char user1[] = "root";    //Change this to the username you want to use to login with.
      char user2[6];            //Number of char's in variable user1 + 2 (new line char and NULL char)
      char pass1[] = "toor";    //Change this to the password you want to use to login with.
      char pass2[6];            //Number of char's in variable pass1 + 2 (new line char and NULL char)
    
    
    signal(SIGINT, SIG_IGN);
    
    
    
    /**********************************/
    /* gets the username from keyboard*/
    /**********************************/
            printf ("\nUsername: ");
            fflush(stdout);
        if (fgets(user2, sizeof(user2), stdin))
      {
            char *p = strchr(user2, '\n');
        if (p) *p = '\0';
    
    /**********************************/
    /* gets the password from keyboard*/    
    /**********************************/
                printf ("\nPassword: "); 
                fflush(stdout);
        if (fgets(pass2, sizeof(pass2), stdin))
                       {
                char *p2 = strchr(pass2, '\n');
          if (p2) *p2 = '\0';
    
    
    /***********************************************************/
    /*compares and verifys user input for username and password*/
    /***********************************************************/
          if (strncmp(user1, user2, 4) == 0) 
          {
          if (strncmp(pass1, pass2, 4) == 0)
    
    /************************************************************************/
    /*prints "Welcome <username>!" if both username and password are correct*/
    /************************************************************************/
                         printf ("\nWelcome %s!\n",user1);
             else
    
    /*************************************************************************/
    /*prints "Invalid username and/or password!" if the username is incorrect*/
    /*************************************************************************/
                         printf ("\nInvalid username and/or password!\n");
           }
    
    
    /*************************************************************************/
    /*prints "Invalid username and/or password!" if the username is incorrect*/
    /*************************************************************************/
            else
                         printf ("\nInvalid username and/or password!\n");
        }
      }
    /**********************************************/
    /*returns control back to the operating system*/
    /**********************************************/
      return 0;
    }

  6. #6
    Code Goddess Prelude's Avatar
    Join Date
    Sep 2001
    Posts
    9,796
    >I've added comments
    The C style comments are way over the top. You can remove all of them and not lose an ounce of clarity. The C++ style comments are not technically legal unless you're compiling as C99, but at least they're relatively descriptive beyond what the code says.

    >and used strncmp instead of strcmp
    Why? Now you've just locked the program to 4 character long user names and passwords. strncmp won't save you from buffer overflow (as that seems to be your reason for the change) unless one of the strings isn't '\0' terminated after the limit.

    >the thing I want to know is if this program is buffer-overflow free?
    It's not in any immediate danger, if that's what you're worried about.
    My best code is written with the delete key.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Code problem
    By sybariticak47 in forum C++ Programming
    Replies: 9
    Last Post: 02-28-2006, 10:50 AM
  2. Problem with game code.
    By ajdspud in forum C++ Programming
    Replies: 5
    Last Post: 02-14-2006, 05:39 PM
  3. problem with selection code
    By DavidP in forum Game Programming
    Replies: 1
    Last Post: 06-14-2004, 01:05 PM
  4. Replies: 5
    Last Post: 12-03-2003, 04:47 PM
  5. Help with code for simple Y2K problem
    By Mule in forum C++ Programming
    Replies: 3
    Last Post: 03-05-2003, 11:53 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21