simple c-code


Problem description


Hi all. I am studying computer security, and I got this short and
simple (?) c-code. Something is logical wrong in this code, and if
used in the wrong hands of someone, it could be taken advantage of.

Here is the code:

main ()

{ char buffer[1024];

GetPassword(buffer);

....
}

/*****/

int GetPassword (char *buffer,char *username)

{
....
}
Now, I am not a programmer, but is it correct that the logical fault
in this program is that the function takes two arguments, and only 1
argument is sent to it? Could this be misused?

The asterix has something to do with pointers. *buffer means that it
is working on the original buffer-variable, or what?

I hope anyone can help me get some ideas out of this code.

Recommended answers

Tommy <to***********@hotmail.com> scribbled the following:
> Hi all. I am studying computer security, and I got this short and
> simple (?) c-code. Something is logical wrong in this code, and if
> used in the wrong hands of someone, it could be taken advantage of.
>
> Here is the code:
>
> main ()
>
> { char buffer[1024];
>
> GetPassword(buffer);
>
> ...
> }
>
> /*****/
>
> int GetPassword (char *buffer,char *username)
>
> {
> ...
> }
> Now, I am not a programmer, but is it correct that the logical fault
> in this program is that the function takes two arguments, and only 1
> argument is sent to it? Could this be misused?

This is indeed incorrect design, but not necessarily fatal, as long
as GetPassword never uses the argument username for anything. If it
does, though, then it causes undefined behaviour, which can have
fatal results, for example the whole program crashing.

> The asterix has something to do with pointers. *buffer means that it
> is working on the original buffer-variable, or what?

Asterisk! "Asterix" is a comic book figure, a Gaulish warrior with a
yellow moustache, who lived in 50 B.C. and drank magic potion.
Yes, the unary asterisk operation means a pointer type. However, it
does not mean here that it is operating on the original buffer
variable. Such a thing is called "pass by reference" and is impossible
in C. What it does is operate on the *contents* of the original buffer
variable. If you use the [] operator on the buffer variable, you get
the same memory locations both in main and in GetPassword.

> I hope anyone can help me get some ideas out of this code.







--
/-- Joona Palaste (pa*****@cc.helsinki.fi) ------------- Finland --------\
\-------------------------------------------------------- rules! --------/
"Shh! The maestro is decomposing!"
- Gary Larson


Tommy wrote:
> Hi all. I am studying computer security, and I got this short and
> simple (?) c-code. Something is logical wrong in this code, and if
                                  ^ logically?
> used in the wrong hands of someone, it could be taken advantage of.
>
> Here is the code:
>
> main ()

Missing return value.

> { char buffer[1024];
>
> GetPassword(buffer);

Missing function declaration. Fixed size buffer without passing bounds.

> int GetPassword (char *buffer,char *username)

Real function signature does not match usage above.

> Now, I am not a programmer, but is it correct that the logical fault
> in this program is that the function takes two arguments, and only 1
> argument is sent to it?

The function wants two arguments but it is called with only one.

> Could this be misused?

Anything could happen, you have left the grounds of well-formed C.

> The asterix has something to do with pointers. *buffer means that it
> is working on the original buffer-variable, or what?




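Sorry, but you really need a book on C; explaining this would take
too long. What you can do to understand this code is compile it and
look at the generated assembly, in case you can read that.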


Uli

"Tommy" writes:
> Hi all. I am studying computer security, and I got this short and
> simple (?) c-code. Something is logical wrong in this code, and if
> used in the wrong hands of someone, it could be taken advantage of.
>
> Here is the code:
>
> main ()
>
> { char buffer[1024];
>
> GetPassword(buffer);
>
> ...
> }
>
> /*****/
>
> int GetPassword (char *buffer,char *username)







Are you sure you copied this correctly? This should not even run. Code
that can not run does not present a security problem.

