LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 11-01-2001, 01:19 PM   #1
iam3
LQ Newbie
 
Registered: Oct 2001
Posts: 5

Rep: Reputation: 0
Unhappy a student


I know nothing about C++...got this exercise in a course about security...have been trying to understand this problem for last 3 hours...still in vain...can someone give me a hint??

#include <iostream>

main()
{
char command[40]; // Send command to
int time_of_day; // Avoid replay attack?
const bool ever = 1;

for ( ;ever; )
{
cin >> time_of_day >> command;
cout << "Command was " << command << " at time " << time_of_day << endl;
}
}

if we try input:
13 report
13 shoot-to-kill
15 shoot only if they shoot first
12:00 fire


how can someone perform a denial of service attack on this server? This same error was present in NT4, prior to service pack 2. This problem is difficult to fix with the C++ stream library, but easy to fix with C's I/O library:
#include <stdio.h>

#define ever 1

main()

{ char command[40]; // Send command to
int time_of_day; // Avoid replay attack?

for ( ;ever; )
{
scanf("%d %[^\n]",&time_of_day,command);
printf("Command %s at time %d\n",command,time_of_day);
}
}


The regular expression matcher %[^\n] means `match any object consisting of any character up to end of line'.
Why is it safer now?
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 11-01-2001, 04:43 PM   #2
isajera
Senior Member
 
Registered: Jun 2001
Posts: 1,635

Rep: Reputation: 45
this is just a guess - i don't work too much with servers. offhand, i would say that it's possible that on the C++, a string could be sent like this

time_of_day command
12345 "getafile\nDoSattack" (humor me here. i don't know anything about server commands )

with an embedded \n character - any command executed would then be run as two commands. with C, only the first command would be executed.
 
Old 10-17-2019, 11:20 AM   #3
NevemTeve
Senior Member
 
Registered: Oct 2011
Location: Budapest
Distribution: Debian/GNU/Linux, AIX
Posts: 4,929
Blog Entries: 1

Rep: Reputation: 1891Reputation: 1891Reputation: 1891Reputation: 1891Reputation: 1891Reputation: 1891Reputation: 1891Reputation: 1891Reputation: 1891Reputation: 1891Reputation: 1891
Your program doesn't actually execute the 'command', but buffer-onderrun is still possible (your buffer is only 40 bytes, and the input string can have any length.) I suggest using fgets(3) and strtok(3).
 
1 members found this post helpful.
Old 10-17-2019, 11:58 AM   #4
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian sid
Posts: 2,683

Rep: Reputation: 783Reputation: 783Reputation: 783Reputation: 783Reputation: 783Reputation: 783Reputation: 783
Quote:
Originally Posted by NevemTeve View Post
Your program doesn't actually execute the 'command', but buffer-onderrun is still possible (your buffer is only 40 bytes, and the input string can have any length.) I suggest using fgets(3) and strtok(3).
there was spam which resurrected this thread ( I reported that spam )
I guess still popped up on new posts lists even after deleted

Just adding context in case people think you resurrected it
 
2 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
A student that needs help!!! smithers_3 Linux - General 6 05-27-2005 03:00 PM
College Student Gorkhali LinuxQuestions.org Member Intro 2 02-05-2005 06:06 AM
Student Studies engnet Linux - Software 1 12-05-2004 02:09 PM
Little Help with a student... Crowe182 Linux - Newbie 1 08-16-2003 08:58 PM
a student iam3 Linux - Newbie 1 11-01-2001 04:51 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 02:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration