How to learn C if you don't try it?

You have to code in it to learn the lessons.
Just reading a book about it isn't the same.


On 2015-08-19 20:09, Edward Bartolo wrote:
Effectively, you are telling me don't play Russian Roulette with C.
But I like powerful languages that leave the coder in the wilderness
without any hand holding, and C is definitely like that. That is why I
am motivated to use it. The power inherent in C is due to it not
getting in the way of the coder, and I like that.



On 19/08/2015, Rainer Weikusat <[email protected]> wrote:
Rainer Weikusat <[email protected]> writes:

Edward Bartolo <[email protected]> writes:
I am not assuming anything and understand the risks of buffer
overflows. The first step I am taking is to make the code function.
The second step is further debug it until it behaves properly and the
third step is to correct any potential security issues.

Realistically, the first step is 'make the code function', the second
step is 'graduate from university based on your thesis' and the 3rd was
called 'heartbleed', IOW, that's not going to happen in this way. If
you're doing string processing in C, try to do it correctly from the
start. That's much easier than retrofitting proper length/ size handling
onto some working code.

Example program showing a safe/ secure (and somewhat simplified)
saveFile:

--------
#include <alloca.h>
#include <stdio.h>
#include <string.h>

#define IFACE_TMPL \
        "auto lo\n" \
        "iface lo inet loopback\n\n" \
        "iface wlan0 inet dhcp\n" \
        "    wpa-ssid %s\n" \
        "    wpa-psk \"%s\"\n"

#define IFACES_PATH "/tmp"

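static int saveFile(char* essid, char* pw) //argv[1], argv[2]
{
        char *path;
        FILE *fp;
        size_t p_len, e_len;    /* strlen returns size_t */

        p_len = strlen(IFACES_PATH);
        e_len = strlen(essid);
        /* directory + '/' + essid + terminating 0 */
        path = alloca(p_len + e_len + 2);

        strcpy(path, IFACES_PATH);
        path[p_len] = '/';
        strcpy(path + p_len + 1, essid);

        fp = fopen(path, "ab+");
        if (!fp) {
                /* fopen can fail; don't pass NULL to fprintf */
                perror(path);
                return -1;
        }
        fprintf(fp, IFACE_TMPL, essid, pw);
        fclose(fp);
        return 0;
}

int main(int argc, char **argv)
{
        /* both arguments are required */
        if (argc < 3) {
                fprintf(stderr, "Usage: %s <essid> <password>\n", argv[0]);
                return 1;
        }
        return saveFile(argv[1], argv[2]) ? 1 : 0;
}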
_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
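
An added example, not part of the thread or of anyone's posted code: the saveFile program above sizes the path buffer correctly but uses the essid argument verbatim as a file name and inside the interfaces template, so "../" or an embedded newline would change which file is written or what it contains. The sketch below builds the path into a fixed buffer with snprintf, detects truncation, and rejects such input first. The names field_ok, psk_ok and build_path and the exact set of rejected characters are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define IFACES_PATH "/tmp"      /* same directory as the program above */

/* 1 if s is non-empty and has no control characters and no 'forbidden' byte */
static int field_ok(const char *s, char forbidden)
{
        const unsigned char *p = (const unsigned char *)s;

        if (!*p)
                return 0;
        for (; *p; ++p)
                if (*p < 0x20 || *p == 0x7f || *p == (unsigned char)forbidden)
                        return 0;
        return 1;
}

/* 1 if pw can be placed unchanged between the quotes of the wpa-psk line */
static int psk_ok(const char *pw)
{
        return field_ok(pw, '"');
}

/*
 * Write IFACES_PATH "/" essid into buf. Returns 0 on success, -1 if essid
 * is not a plain file name or the result does not fit into size bytes.
 */
static int build_path(char *buf, size_t size, const char *essid)
{
        int n;

        /* a single path component only: no '/', not "." or ".." */
        if (!field_ok(essid, '/') || !strcmp(essid, ".") || !strcmp(essid, ".."))
                return -1;
        n = snprintf(buf, size, "%s/%s", IFACES_PATH, essid);
        /* snprintf returns the length it wanted to write; >= size means cut off */
        return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(int argc, char **argv)
{
        char path[256];

        if (argc < 3 || build_path(path, sizeof path, argv[1]) || !psk_ok(argv[2]))
                return 1;
        puts(path);             /* the file saveFile would open */
        return 0;
}
```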
