int func(char* str)
{
char buffer[100];
unsigned short len = strlen(str);
if(len >= 100)
{
return (-1);
}
strncpy(buffer,str,strlen(str));
return 0;
}
It's a school assignment. They want us to write why this code is weak against buffer overflows But I can't figure it out no matter how much I think about it. Do I have to set it to int instead of short?
security c buffer-overflow
In most compilers, the maximum value for unsinged short
is 65535.
Therefore, a buffer overflow occurs when a string over 65535 length is entered from this code.
Also, the buffer size is 100 and the string over 100 in length should not come in.
When saving the return value of strlen()
, you must use size_t
instead of unsigned short
You must memcpy
when this length is greater than or equal to the buffer length.
char buffer[100];
size_t len = strlen(str);
if (len >= sizeof(buffer) / sizeof(buffer[0])) return -1;
memcpy(buffer, str, len + 1);
618 Uncaught (inpromise) Error on Electron: An object could not be cloned
915 When building Fast API+Uvicorn environment with PyInstaller, console=False results in an error
572 rails db:create error: Could not find mysql2-0.5.4 in any of the sources
574 Who developed the "avformat-59.dll" that comes with FFmpeg?
© 2024 OneMinuteCode. All rights reserved.