是 fprintf(stderr, argv[1]); 这一行吗?argv[1] 被直接当作格式字符串传入(格式化字符串漏洞),应写成 fprintf(stderr, "%s", argv[1]);

On 9月28日, 上午9时43分, Raullen <[EMAIL PROTECTED]> wrote:
> 以下是源代码,至少有一个安全(security)问题,可以导致溢出并得到 root shell。
> 平台是 Linux,使用标准 C 函数库。
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <syslog.h>
>
> /*
>  * Prints every prime from 2 to max (argv[1]), one per line, using a sieve:
>  * composites[i] is set to 1 once i is known not to be prime.
>  *
>  * Returns 0 after the last prime has been printed, and 1 when the argument
>  * is missing, is rejected as non-numeric, or is outside 2..1000000.
>  *
>  * NOTE(review): the listing contains an uncontrolled format string (the
>  * fprintf(stderr, argv[1]) call), a printf specifier that does not match
>  * its argument, a call to strcmp() without <string.h>, and an unchecked
>  * calloc(). Each is marked where it occurs.
>  */
> int main(int argc, char **argv)
> {
>     int max;
>     char *composites;
>     int curprime = 0, curcomp = 0;
>
>     if (argc < 2) {
>         fprintf(stderr, "Usage: %s max\nOutputs the primes from 2 to max\n",
>             argv[0]);
>         return 1;
>     }
>
>     /* atoi() reports no errors: input such as "12abc" is accepted as 12,
>      * and a value too large for int is undefined behaviour. strtol() with
>      * an end-pointer and errno check is the robust form. */
>     max = atoi(argv[1]);
>     /* NOTE(review): max is an int but is printed with %ld; the matching
>      * specifier is %d. */
>     printf("%ld\n",max);
>     /* atoi() returns 0 both for "0" and for text it cannot parse, so the
>      * string comparison separates the two cases.
>      * NOTE(review): strcmp() is used but <string.h> is not among the
>      * includes of this listing. */
>     if (max == 0 && strcmp(argv[1], "0")) {
>         /* argv[1] wasn't a number */
>         fprintf(stderr, "Supplied argument not a number: ");
>         /* NOTE(review): argv[1] is passed as the format string itself, so
>          * any conversion specifiers in the command-line argument are
>          * interpreted by fprintf() (uncontrolled format string, CWE-134).
>          * This branch is reached for every argument that atoi() maps to 0
>          * other than the literal "0". The safe form passes the argument
>          * as data: fprintf(stderr, "%s", argv[1]) or
>          * fputs(argv[1], stderr). */
>         fprintf(stderr, argv[1]);
>         fprintf(stderr, "\n");
>         return 1;
>     }
>     /* This bound also limits the allocation size and the sieve arithmetic
>      * below. */
>     if (max < 2 || max > 1000000) {
>         fprintf(stderr, "Supplied argument out of range.\n");
>         return 1;
>     }
>     /* One zero-filled byte per number in 0..max.
>      * NOTE(review): the calloc() result is not checked; on allocation
>      * failure the next statement writes through a null pointer. */
>     composites = calloc(1,max+1);
>     /* 0 and 1 are not prime */
>     composites[0] = composites[1] = 1;
>
>     while(1) {
>         /* Find the smallest number not yet marked as composite */
>         /* The curprime <= max test is evaluated first, so composites[] is
>          * never read past index max. */
>         do {
>             ++curprime;
>         } while (curprime <= max && composites[curprime]);
>
>         if (curprime > max) {
>             /* We're done */
>             /* composites is not freed before returning from main. */
>             return 0;
>         }
>
>         printf("%d\n", curprime);
>         /* Mark all multiples of curprime as composite */
>         /* curprime <= max <= 1000000 here, so 2*curprime and the running
>          * sum stay well inside a 32-bit int; every write is guarded by
>          * curcomp <= max. */
>         curcomp = 2*curprime;
>         while (curcomp <= max) {
>             composites[curcomp] = 1;
>             curcomp += curprime;
>         }
>     }
>
> }
