a young and nervous student

This is a discussion on a young and nervous student within the C++ Programming forums, part of the General Programming Boards category; I know nothing about C++...got this exercise in a course about security...have been trying to understand this problem for last ...

  1. #1
    iam3
    Guest

    Unhappy a young and nervous student

    I know nothing about C++...got this exercise in a course about security...have been trying to understand this problem for last 3 hours...still in vain...can someone give me a hint??

    #include <iostream>

    main()
    {
    char command[40]; // Send command to
    int time_of_day; // Avoid replay attack?
    const bool ever = 1;

    for ( ;ever; )
    {
    cin >> time_of_day >> command;
    cout << "Command was " << command << " at time " << time_of_day << endl;
    }
    }

    if we try input:
    13 report
    13 shoot-to-kill
    15 shoot only if they shoot first
    12:00 fire

    **************************************************
    how can someone perform a denial of service attack on this server?
    **************************************************
    IF YOU KNOW ABOUT C THEN READ THIS....

    This same error was present in NT4, prior to service pack 2. This problem is difficult to fix with the C++ stream library, but easy to fix with C's I/O library:
    #include <stdio.h>

    #define ever 1

    main()

    { char command[40]; // Send command to
    int time_of_day; // Avoid replay attack?

    for ( ;ever; )
    {
    scanf("%d %[^\n]",&time_of_day,command);
    printf("Command %s at time %d\n",command,time_of_day);
    }
    }


    The regular expression matcher %[^\n] means `match any object consisting of any character up to end of line'.
    Why is it safer now?

  2. #2
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,505
    > Why is it safer now?
    It isn't.

    Neither limits the input to 40 characters, therefore both are just a vunerable buffer overflow.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  3. #3
    Unregistered
    Guest
    May speculation--the difference between C and C++ with regard to data input validation.

    if you input a string like 12:00 when the stream is expecting an int like 15 you will crash the program unless you explicitly write for error handling capabilities . I don't believe the same will happen with scanf() but I don't use scanf() often enough to know for sure.

Popular pages Recent additions subscribe to a feed

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21