linux how to patch this code
Problem description
#include <WhatHere?>
#include <WhatHere?>
#include <WhatHere?>
int main(int argc, char **argv) {
    char command[50] = "echo ";
    strcat(command,argv[1]); // concatenate the input so that the final command is "echo <input>"
    system(command); // call the system() function to print the input
    return 0; // denote that the program has finished executing successfully
}
Can we get remote access by running this code? I know it is possible, but please help me patch it up.
Recommended answer
Assuming that you're worried about the potential buffer overflow, you could fix it like this:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main (int argc, char **argv) {
    char *command;

    if (argc != 2) {
        fprintf (stderr, "Wrong number of arguments\n");
        return 1;
    }
    /* "echo " (5) + length of argv[1] + null terminator (1) */
    if ((command = malloc (strlen (argv[1]) + 6)) == NULL) {
        fprintf (stderr, "Could not allocate memory\n");
        return 1;
    }
    strcpy (command, "echo ");
    strcat (command, argv[1]);
    system (command);   /* the user-supplied text is still run by the shell */
    free (command);
    return 0;
}
This makes enough room for "echo " (5), argv[1] (string length) and the null terminator (1).
It's still potentially dangerous allowing user-specified stuff to be run but at least you won't get buffer overflows any more.