的博文被鄭重其事地轉來轉去( google了一下,居然有154,000條結果,其中不乏一些知名的技術網站),感到非常滑稽。因為那明擺著是一篇垃圾文,質量低下,漏洞比比皆是。其中基本上沒有多少技術營養,倒是有很多技術毒素。
,有些人潛意識裡可能以為外文的東西會很有技術含量。但實際上洋文中也有垃圾,洋人中也有很多外行,正如國外也有老譚《C語言程序設計》那種門外漢寫得暢銷垃圾書(譬如郵電社翻譯的《寫給大家看的C語言書》,參見 )一樣。對國外的東西同樣不能盲從輕信,不能根據暢銷程度或轉發多少更不能僅僅根據其名字來判斷技術價值。
int main(void) { char buff[10]; memset(buff,0,sizeof(buff)); gets(buff); printf("\n The buffer entered is [%s]\n",buff); return 0; }
memset(buff,0,sizeof(buff));
char buff[10] = { '\0' };
#include<stdio.h> int main(int argc, char *argv[]) { int flag = 0; char passwd[10]; memset(passwd,0,sizeof(passwd)); strcpy(passwd, argv[1]); if(0 == strcmp("LinuxGeek", passwd)) { flag = 1; } if(flag) { printf("\n Password cracked \n"); } else { printf("\n Incorrect passwd \n"); } return 0; }
Answer: Yes. The authentication logic in above password protector code can be compromised by exploiting the loophole of strcpy() function. This function copies the password supplied by user to the ‘passwd’ buffer without checking whether the length of password supplied can be accommodated by the ‘passwd’ buffer or not. So if a user supplies a random password of such a length that causes buffer overflow and overwrites the memory location containing the default value ’0′ of the ‘flag’ variable then even if the password matching condition fails, the check of flag being non-zero becomes true and hence the password protection is breached.
For example :
$ ./psswd aaaaaaaaaaaaa
Password cracked
So you can see that though the password supplied in the above example is not correct but still it breached the password security through buffer overflow.
To avoid these kind of problems the function strncpy() should be used.
Note from author : These days the compilers internally detect the possibility of stack smashing and so they store variables on stack in such a way that stack smashing becomes very difficult. In my case also, the gcc does this by default so I had to use the the compile option ‘-fno-stack-protector’ to reproduce the above scenario.
memset(passwd,0,sizeof(passwd));
]指向的字符串就可以了。
#include<stdio.h> main( argc, * passwd[], ( strcmp(, argv[] ) == //( strcmp(, passwd) ==
