Thread: a young and nervous student

  1. #1
    iam3
    Guest

    a young and nervous student

    I know nothing about C++...got this exercise in a course about security...have been trying to understand this problem for last 3 hours...still in vain...can someone give me a hint??

    #include <iostream>
    using namespace std;

    int main()
    {
        char command[40]; // Send command to
        int time_of_day; // Avoid replay attack?
        const bool ever = 1;

        for ( ;ever; )
        {
            cin >> time_of_day >> command;
            cout << "Command was " << command << " at time " << time_of_day << endl;
        }
    }

    if we try input:
    13 report
    13 shoot-to-kill
    15 shoot only if they shoot first
    12:00 fire

    **************************************************
    how can someone perform a denial of service attack on this server?
    **************************************************
    IF YOU KNOW ABOUT C THEN READ THIS....

    This same error was present in NT4, prior to service pack 2. This problem is difficult to fix with the C++ stream library, but easy to fix with C's I/O library:
    #include <stdio.h>

    #define ever 1

    int main(void)
    {
        char command[40]; // Send command to
        int time_of_day; // Avoid replay attack?

        for ( ;ever; )
        {
            scanf("%d %[^\n]",&time_of_day,command);
            printf("Command %s at time %d\n",command,time_of_day);
        }
    }


    The regular expression matcher %[^\n] means `match any object consisting of any character up to end of line'.
    Why is it safer now?

  2. #2
    Salem
    Join Date: Aug 2001
    Location: The edge of the known universe
    Posts: 39,660
    > Why is it safer now?
    It isn't.

    Neither limits the input to 40 characters, therefore both are just a vulnerable buffer overflow.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  3. #3
    Unregistered
    Guest
    My speculation--the difference between C and C++ with regard to data input validation.

    If you input a string like 12:00 when the stream is expecting an int like 15 you will crash the program unless you explicitly write for error handling capabilities. I don't believe the same will happen with scanf() but I don't use scanf() often enough to know for sure.
