ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm just starting to learn C from scratch, and have bought the classic Kernigan and Ritchie book to work through. However, as soon as I get to example code that starts using EOF, I'm running into problems.
I have stdio.h included in my program, and am trying to use the getchar function as follows:
main()
{
int c;
c = getchar();
while (c != EOF) {
putchar(c);
c = getchar();
}
}
EOF is defined as -1 as I believe it should be, but I don't know how to trigger EOF to end the program!
I first assumed when looking at the example that just not typing anything would result in the stdin stream becoming empty, but then realised that I'd have to type very fast indeed for the buffer not to become empty
How does this work? How should I indicate to the program that I've finished inputting characters?
You should check for EOF only when working with files, while for normal console based operations, it is generally not required. You can just use scanf in C for this purpose.
with things like redirection and pipes how do you know whether stdin is a file or not? also as nowonmai says the only scanf based function you should ever call is sscanf or vsscanf, after youve got the input safely saved in a buffer.
there are quite a few problems with it but the main one is bounds checking, look at the following example
Code:
char x[20];
scanf("%s", x);
now what happens when i type 25 or 30 characters? try and see
what you should get at best is a segfault(actually a buffer overflow) but people who know what they are doing can manipulate this to give them various privilages
ive just stolen this link from another post but this explains in detail what a buffer overflow is: http://destroy.net/machines/security/P49-14-Aleph-One
As you've probably been able to tell, I'm very much at the beginning of my C education, but does this mean that most of the C code I'm going to write according to text books is potentially insecure? Are there secure alternatives to the standard I/O functions provided by stdio.h?
Sorry for taking up so much of your time, I'd just like to learn to do things the *right* way rather than have to relearn everything later.
nothing is 100% secure, so there is no 'right' way to do things but some things are more secure than others, fgets is a lot better than scanf for example.
i personally think the best for you would just be to follow the book until you get a good understanding of the language. once you have a good understanding then you can start playing about with making things more secure.
the best way to learn how to write secure code, imo is to write normal code and try to break it, then improve it so you cant break it that way, then try and break it another way. by doing this repeatedly you'll have a much greater understanding of how to write secure code than just knowing not to use scanf.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.