ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I know nothing about C++...got this exercise in a course about security...have been trying to understand this problem for last 3 hours...still in vain...can someone give me a hint??
#include <iostream>
main()
{
char command[40]; // Send command to
int time_of_day; // Avoid replay attack?
const bool ever = 1;
for ( ;ever; )
{
cin >> time_of_day >> command;
cout << "Command was " << command << " at time " << time_of_day << endl;
}
}
if we try input:
13 report
13 shoot-to-kill
15 shoot only if they shoot first
12:00 fire
how can someone perform a denial of service attack on this server? This same error was present in NT4, prior to service pack 2. This problem is difficult to fix with the C++ stream library, but easy to fix with C's I/O library:
#include <stdio.h>
#define ever 1
main()
{ char command[40]; // Send command to
int time_of_day; // Avoid replay attack?
for ( ;ever; )
{
scanf("%d %[^\n]",&time_of_day,command);
printf("Command %s at time %d\n",command,time_of_day);
}
}
The regular expression matcher %[^\n] means `match any object consisting of any character up to end of line'.
Why is it safer now?
Click here to see the post LQ members have rated as the most helpful post in this thread.
Your program doesn't actually execute the 'command', but buffer-onderrun is still possible (your buffer is only 40 bytes, and the input string can have any length.) I suggest using fgets(3) and strtok(3).
Your program doesn't actually execute the 'command', but buffer-onderrun is still possible (your buffer is only 40 bytes, and the input string can have any length.) I suggest using fgets(3) and strtok(3).
there was spam which resurrected this thread ( I reported that spam )
I guess still popped up on new posts lists even after deleted
Just adding context in case people think you resurrected it
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.