I know nothing about C++...got this exercise in a course about security...have been trying to understand this problem for last 3 hours...still in vain...can someone give me a hint??

#include <iostream>

main()
{
char command[40]; // Send command to
int time_of_day; // Avoid replay attack?
const bool ever = 1;

for ( ;ever; )
{
cin >> time_of_day >> command;
cout << "Command was " << command << " at time " << time_of_day << endl;
}
}

if we try input:
13 report
13 shoot-to-kill
15 shoot only if they shoot first
12:00 fire


how can someone perform a denial of service attack on this server? This same error was present in NT4, prior to service pack 2. This problem is difficult to fix with the C++ stream library, but easy to fix with C's I/O library:
#include <stdio.h>

#define ever 1

main()

{ char command[40]; // Send command to
int time_of_day; // Avoid replay attack?

for ( ;ever; )
{
scanf("%d %[^\n]",&time_of_day,command);
printf("Command %s at time %d\n",command,time_of_day);
}
}


The regular expression matcher %[^\n] means `match any object consisting of any character up to end of line'.
Why is it safer now?

this is just a guess - i don't work too much with servers. offhand, i would say that it's possible that on the C++, a string could be sent like this

time_of_day command
12345 "getafile\nDoSattack" (humor me here. i don't know anything about server commands )

with an embedded \n character - any command executed would then be run as two commands. with C, only the first command would be executed.

Your program doesn't actually execute the 'command', but buffer-onderrun is still possible (your buffer is only 40 bytes, and the input string can have any length.) I suggest using fgets(3) and strtok(3).

1 members found this post helpful.

there was spam which resurrected this thread ( I reported that spam )
I guess still popped up on new posts lists even after deleted

Just adding context in case people think you resurrected it

2 members found this post helpful.