Is this vulnerable to a stack overflow?
Question
    void getinp (char *inp, int siz)
    {
        puts ("Input value: ");
        fgets (inp, siz, stdin);   /* reads at most siz-1 characters */
        printf ("buffer3 getinp read %s", inp);
    }
From what I've read, fgets is supposed to be used when you want to limit the size of input. So this code shouldn't be vulnerable right?
It is called like this:
    int main (int argc, char *argv[])
    {
        char buf[16];
        getinp (buf, sizeof (buf));
        display (buf);
        printf ("buffer3 done\n");
    }
Thanks for your time.
Recommended answer
You won't strike buffer overflow problems if you enter more characters than can be safely stored since fgets restricts the input. It also adds a null terminator (assuming buffer size is greater than 0, of course).
However, you will have problems with information being left in the input buffer the next time you try to read something - this is something that users will find very annoying, entering something like "hello again" and having it treated as two separate inputs like "hello ag" and "ain". And there's no indication given by fgets that it stopped retrieving input before the end of the line so, as far as your code is aware, everything is fine.
The major things you need to look out for (re buffer overflows on input) are, at a minimum, scanf with an unbounded %s format string and gets, which has no limiting size argument, neither of which are in your code.
If you're looking for a more robust input solution with size limiting, prompting and buffer clearing, check out this code, which provides all those features:
    #include <stdio.h>
    #include <string.h>

    #define OK       0
    #define NO_INPUT 1
    #define TOO_LONG 2

    static int getLine (char *prmpt, char *buff, size_t sz) {
        int ch, extra;
        size_t len;

        // Get line with buffer overrun protection.
        if (prmpt != NULL) {
            printf ("%s", prmpt);
            fflush (stdout);
        }
        if (fgets (buff, sz, stdin) == NULL)
            return NO_INPUT;

        // If it was too long, there'll be no newline. In that case, we flush
        // to end of line so that excess doesn't affect the next call.
        // An empty string (input starting with a NUL byte) is checked first
        // so that len-1 cannot wrap around and index outside the buffer.
        len = strlen (buff);
        if (len == 0 || buff[len-1] != '\n') {
            extra = 0;
            while (((ch = getchar()) != '\n') && (ch != EOF))
                extra = 1;
            return (extra == 1) ? TOO_LONG : OK;
        }

        // Otherwise remove newline and give string back to caller.
        buff[len-1] = '\0';
        return OK;
    }

    // Test program for getLine().
    int main (void) {
        int rc;
        char buff[10];

        rc = getLine ("Enter string> ", buff, sizeof(buff));
        if (rc == NO_INPUT) {
            // Extra NL since my system doesn't output that on EOF.
            printf ("\nNo input\n");
            return 1;
        }

        if (rc == TOO_LONG) {
            printf ("Input too long [%s]\n", buff);
            rc = getLine ("Hit ENTER to check remains> ", buff, sizeof(buff));
            printf ("Excess [%s]\n", buff);
            return 1;
        }

        printf ("OK [%s]\n", buff);
        return 0;
    }
And, doing some basic tests:
pax> ./prog
Enter string> [CTRL-D]
No input
pax> ./prog
Enter string> x
OK [x]
pax> ./prog
Enter string> hello
OK [hello]
pax> ./prog
Enter string> hello from earth
Input too long [hello fro]
Hit ENTER to check remains> [ENTER]
Excess []
pax> ./prog
Enter string> i am pax
OK [i am pax]
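The "hello ag" / "ain" split described in the answer, reproduced on a constructed stream beside a checked read that reports the truncation. This is an added example, not code from the original post: SAMPLE, open_sample, read_line_checked and count_reads are names assumed here, and a tmpfile() stream stands in for stdin.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_OK, LINE_EOF, LINE_TRUNCATED };

/* Constructed input: the answer's over-long line, then a short one. */
static const char SAMPLE[] = "hello again\nbye\n";

/* Load constructed text into a temporary stream standing in for stdin. */
static FILE *open_sample(const char *text) {
    FILE *fp = tmpfile();
    if (fp != NULL) { fputs(text, fp); rewind(fp); }
    return fp;
}

/* Checked read: strip the newline, or discard the excess and report it. */
static int read_line_checked(FILE *fp, char *buf, int sz) {
    int ch, dropped = 0;
    if (fgets(buf, sz, fp) == NULL) return LINE_EOF;
    size_t len = strcspn(buf, "\n");   /* 0 for an empty string, never len-1 */
    if (buf[len] == '\n') {            /* the whole line fit */
        buf[len] = '\0';
        return LINE_OK;
    }
    while ((ch = fgetc(fp)) != '\n' && ch != EOF)
        dropped = 1;                   /* the rest of the line did not fit */
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Count the reads needed to consume text; checked=0 is the bare fgets. */
static int count_reads(const char *text, int sz, int checked) {
    char buf[64];
    FILE *fp = open_sample(text);
    int reads = 0;
    if (fp == NULL || sz < 2 || sz > (int)sizeof buf) { if (fp) fclose(fp); return -1; }
    while (checked ? read_line_checked(fp, buf, sz) != LINE_EOF
                   : fgets(buf, sz, fp) != NULL)
        reads++;
    fclose(fp);
    return reads;
}

int main(void) {
    printf("bare fgets: %d reads, checked: %d reads\n",
           count_reads(SAMPLE, 9, 0), count_reads(SAMPLE, 9, 1));
    return 0;
}
```

With a 9-byte buffer the bare fgets loop needs three reads for two typed lines, while the checked read returns one result per line and flags the first as truncated.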