Re: argv from bogus argc

[Kihaguru Gathura]

Yes, I did !

Thank you.

On Mon, May 24, 2021 at 4:51 PM Omar Polo  wrote:

>
> Kihaguru Gathura  writes:
>
> > While testing to determine command line arguments passed to a cgi file
> > using the *function 1*, I receive the  message *output 1.*
> > one argument is passed and that is the name of the file.
> >
> > However, testing with a bogus number 30 for argc in *function 2*,
> discloses
> > multiple arguments beyond the last null argument argv[1] see *output 2.*
> > There is also a null value at bogus argc number 29.
> >
> > Why are these additional argv values generated?
>
> haven't you gone out-of-bound and started printing the envp?
>
> >
> >
> >
> > *Function 1:*
> >
> >
> >
> > /**/
> >
> > void TestCommandLineArguments(int argc, char *argv[])
> > {
> >   unsigned short int i = 0;
> >
> >   if (argc == 1)  /* if one command line argument is passed
> */
> >   {
> >   PrintPageUpper();
> >
> >   while(i < argc)
> >   {
> >   printf("\t\t(i = %2$d) argc: %1$d, \
> >argv[%2$d]: \"%3$s\"\n", argc, \
> >i, argv[i]);
> >   i++;
> >   }
> >
> >   PrintPageLower();
> >   exit(EXIT_SUCCESS);
> >
> >}
> >
> > if (argc != 1)
> > {
> > PrintPageUpper();
> > puts("\t\t(Multiple Arguments)");
> > PrintPageLower();
> > exit(EXIT_SUCCESS);
> > }
> > }
> >
> >
> > /**/
> >
> >
> > *Output 1:   *
> >
> > (i = 0) argc: 1, argv[0]: "//xyz/xyz.html"
> >
> >
> >
> >
> >
> >
> > *Function 2:*
> >
> >
> > /**/
> >
> > void TestCommandLineArguments(int argc, char *argv[])
> > {
> >   unsigned short int i = 0;
> >   #define BOGUS_ARGC 30
> >
> >   if (argc == 1)
> >   {
> >   PrintPageUpper();
> >
> >   while(i < BOGUS_ARGC)
> >   {
> >   printf("\t\t(i = %2$d) argc: %1$d, \
> >argv[%2$d]: \"%3$s\"\n", BOGUS_ARGC, \
> >i, argv[i]);
> >   i++;
> >   }
> >
> >   PrintPageLower();
> >   exit(EXIT_SUCCESS);
> >
> >}
> >
> > if (argc == 1)
> > {
> > PrintPageUpper();
> > puts("\t\t(Single Argument)");
> > PrintPageLower();
> > exit(EXIT_SUCCESS);
> > }
> > }
> >
> >
> > /**/
> >
> > *Output 2:*
> >
> >   (i = 0) argc: 30,
> argv[0]:
> > "//xyz/xyz.html"
> >   (i = 1) argc: 30,
> argv[1]: "(null)"
> >   (i = 2) argc: 30,
> argv[2]:
> > "SERVER_SOFTWARE=OpenBSD httpd"
> >   (i = 3) argc: 30,
> argv[3]:
> > "SERVER_PROTOCOL=HTTP/1.1"
> >   (i = 4) argc: 30,
> argv[4]:
> > "SERVER_NAME=xyz.com"
> >   (i = 5) argc: 30,
> argv[5]:
> > "SERVER_PORT=443"
> >   (i = 6) argc: 30,
> argv[6]:
> > "SERVER_ADDR=xyz.xyz.xy.xyz"
> >   (i = 7) argc: 30,
> argv[7]:
> > "REQUEST_URI=/xyz/xyz.html"
> >   (i = 8) argc: 30,
> argv[8]:
> > "REQUEST_METHOD=GET"
> >   (i = 9) argc: 30,
> argv[9]:
> > "REMOTE_PORT=36818"
> >   (i = 10) argc: 30,
> argv[10]:
> > "REMOTE_ADDR=xyz.xyz.xy.xyz"
> >   (i = 11) argc: 30,
> argv[11]: "HTTPS=on"
> >   (i = 12) argc: 30,
> argv[12]:
> > "HTTP_X_FORWARDED_FOR=xyz.xyz.xy.xyz"
> >   (i = 13) argc: 30,
> argv[13]:
> > "HTTP_X_FORWARDED_BY=xyz.xyz.xy.xyz:8443"
> >   (i = 14) argc: 30,
> argv[14]:
> > "HTTP_USER_AGENT=Mozilla/5.0 (X11; OpenBSD amd64; rv:62.0)
> > Gecko/20100101 Firefox/62.0"
> >   (i = 15) argc: 30,
> argv[15]:
> > "HTTP_UPGRADE_INSECURE_REQUESTS=1"
> >   (i = 16) argc: 30,
> argv[16]:
> > "HTTP_HOST=xyz.com"
> >   (i = 17) argc: 30,
> argv[17]:
> > "HTTP_CONNECTION=keep-alive"
> >   (i = 18) argc: 30,
> argv[18]:
> > "HTTP_CACHE_CONTROL=max-age=0"
> >   (i = 19) argc: 30,
> argv[19]:
> > "HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5"
> >   (i = 20) argc: 30,
> argv[20]:
> > "HTTP_ACCEPT_ENCODING=gzip, deflate, br"
> >   (i = 21) argc: 30,
> argv[21]:
> >
> "HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
> >   (i = 22) argc: 30,
> argv[22]:
> > "GATEWAY_INTERFACE=CGI/1.1"
> >   (i = 

Re: argv from bogus argc

[Omar Polo]

Kihaguru Gathura  writes:

> While testing to determine command line arguments passed to a cgi file
> using the *function 1*, I receive the  message *output 1.*
> one argument is passed and that is the name of the file.
>
> However, testing with a bogus number 30 for argc in *function 2*, discloses
> multiple arguments beyond the last null argument argv[1] see *output 2.*
> There is also a null value at bogus argc number 29.
>
> Why are these additional argv values generated?

haven't you gone out-of-bound and started printing the envp?

>
>
>
> *Function 1:*
>
>   
>
> /**/
>
> void TestCommandLineArguments(int argc, char *argv[])
> {
>   unsigned short int i = 0;
>
>   if (argc == 1)  /* if one command line argument is passed */
>   {
>   PrintPageUpper();
>
>   while(i < argc)
>   {
>   printf("\t\t(i = %2$d) argc: %1$d, \
>argv[%2$d]: \"%3$s\"\n", argc, \
>i, argv[i]);
>   i++;
>   }
>
>   PrintPageLower();
>   exit(EXIT_SUCCESS);
>
>}
>
> if (argc != 1)
> {
> PrintPageUpper();
> puts("\t\t(Multiple Arguments)");
> PrintPageLower();
> exit(EXIT_SUCCESS);
> }
> }
>
>
> /**/
>
>
> *Output 1:   *
>
> (i = 0) argc: 1, argv[0]: "//xyz/xyz.html"
>
>
>
>
>
>
> *Function 2:*
>
>
> /**/
>
> void TestCommandLineArguments(int argc, char *argv[])
> {
>   unsigned short int i = 0;
>   #define BOGUS_ARGC 30
>
>   if (argc == 1)
>   {
>   PrintPageUpper();
>
>   while(i < BOGUS_ARGC)
>   {
>   printf("\t\t(i = %2$d) argc: %1$d, \
>argv[%2$d]: \"%3$s\"\n", BOGUS_ARGC, \
>i, argv[i]);
>   i++;
>   }
>
>   PrintPageLower();
>   exit(EXIT_SUCCESS);
>
>}
>
> if (argc == 1)
> {
> PrintPageUpper();
> puts("\t\t(Single Argument)");
> PrintPageLower();
> exit(EXIT_SUCCESS);
> }
> }
>
>
> /**/
>
> *Output 2:*
>
>   (i = 0) argc: 30,argv[0]:
> "//xyz/xyz.html"
>   (i = 1) argc: 30,argv[1]: 
> "(null)"
>   (i = 2) argc: 30,argv[2]:
> "SERVER_SOFTWARE=OpenBSD httpd"
>   (i = 3) argc: 30,argv[3]:
> "SERVER_PROTOCOL=HTTP/1.1"
>   (i = 4) argc: 30,argv[4]:
> "SERVER_NAME=xyz.com"
>   (i = 5) argc: 30,argv[5]:
> "SERVER_PORT=443"
>   (i = 6) argc: 30,argv[6]:
> "SERVER_ADDR=xyz.xyz.xy.xyz"
>   (i = 7) argc: 30,argv[7]:
> "REQUEST_URI=/xyz/xyz.html"
>   (i = 8) argc: 30,argv[8]:
> "REQUEST_METHOD=GET"
>   (i = 9) argc: 30,argv[9]:
> "REMOTE_PORT=36818"
>   (i = 10) argc: 30,argv[10]:
> "REMOTE_ADDR=xyz.xyz.xy.xyz"
>   (i = 11) argc: 30,argv[11]: 
> "HTTPS=on"
>   (i = 12) argc: 30,argv[12]:
> "HTTP_X_FORWARDED_FOR=xyz.xyz.xy.xyz"
>   (i = 13) argc: 30,argv[13]:
> "HTTP_X_FORWARDED_BY=xyz.xyz.xy.xyz:8443"
>   (i = 14) argc: 30,argv[14]:
> "HTTP_USER_AGENT=Mozilla/5.0 (X11; OpenBSD amd64; rv:62.0)
> Gecko/20100101 Firefox/62.0"
>   (i = 15) argc: 30,argv[15]:
> "HTTP_UPGRADE_INSECURE_REQUESTS=1"
>   (i = 16) argc: 30,argv[16]:
> "HTTP_HOST=xyz.com"
>   (i = 17) argc: 30,argv[17]:
> "HTTP_CONNECTION=keep-alive"
>   (i = 18) argc: 30,argv[18]:
> "HTTP_CACHE_CONTROL=max-age=0"
>   (i = 19) argc: 30,argv[19]:
> "HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5"
>   (i = 20) argc: 30,argv[20]:
> "HTTP_ACCEPT_ENCODING=gzip, 

argv from bogus argc

[Kihaguru Gathura]

While testing to determine command line arguments passed to a cgi file
using the *function 1*, I receive the  message *output 1.*
one argument is passed and that is the name of the file.

However, testing with a bogus number 30 for argc in *function 2*, discloses
multiple arguments beyond the last null argument argv[1] see *output 2.*
There is also a null value at bogus argc number 29.

Why are these additional argv values generated?




*Function 1:*



/**/

void TestCommandLineArguments(int argc, char *argv[])
{
  unsigned short int i = 0;

  if (argc == 1)  /* if one command line argument is passed */
  {
  PrintPageUpper();

  while(i < argc)
  {
  printf("\t\t(i = %2$d) argc: %1$d, \
   argv[%2$d]: \"%3$s\"\n", argc, \
   i, argv[i]);
  i++;
  }

  PrintPageLower();
  exit(EXIT_SUCCESS);

   }

if (argc != 1)
{
PrintPageUpper();
puts("\t\t(Multiple Arguments)");
PrintPageLower();
exit(EXIT_SUCCESS);
}
}


/**/


*Output 1:   *

(i = 0) argc: 1, argv[0]: "//xyz/xyz.html"






*Function 2:*


/**/

void TestCommandLineArguments(int argc, char *argv[])
{
  unsigned short int i = 0;
  #define BOGUS_ARGC 30

  if (argc == 1)
  {
  PrintPageUpper();

  while(i < BOGUS_ARGC)
  {
  printf("\t\t(i = %2$d) argc: %1$d, \
   argv[%2$d]: \"%3$s\"\n", BOGUS_ARGC, \
   i, argv[i]);
  i++;
  }

  PrintPageLower();
  exit(EXIT_SUCCESS);

   }

if (argc == 1)
{
PrintPageUpper();
puts("\t\t(Single Argument)");
PrintPageLower();
exit(EXIT_SUCCESS);
}
}


/**/

*Output 2:*

(i = 0) argc: 30,argv[0]:
"//xyz/xyz.html"
(i = 1) argc: 30,argv[1]: 
"(null)"
(i = 2) argc: 30,argv[2]:
"SERVER_SOFTWARE=OpenBSD httpd"
(i = 3) argc: 30,argv[3]:
"SERVER_PROTOCOL=HTTP/1.1"
(i = 4) argc: 30,argv[4]:
"SERVER_NAME=xyz.com"
(i = 5) argc: 30,argv[5]:
"SERVER_PORT=443"
(i = 6) argc: 30,argv[6]:
"SERVER_ADDR=xyz.xyz.xy.xyz"
(i = 7) argc: 30,argv[7]:
"REQUEST_URI=/xyz/xyz.html"
(i = 8) argc: 30,argv[8]:
"REQUEST_METHOD=GET"
(i = 9) argc: 30,argv[9]:
"REMOTE_PORT=36818"
(i = 10) argc: 30,argv[10]:
"REMOTE_ADDR=xyz.xyz.xy.xyz"
(i = 11) argc: 30,argv[11]: 
"HTTPS=on"
(i = 12) argc: 30,argv[12]:
"HTTP_X_FORWARDED_FOR=xyz.xyz.xy.xyz"
(i = 13) argc: 30,argv[13]:
"HTTP_X_FORWARDED_BY=xyz.xyz.xy.xyz:8443"
(i = 14) argc: 30,argv[14]:
"HTTP_USER_AGENT=Mozilla/5.0 (X11; OpenBSD amd64; rv:62.0)
Gecko/20100101 Firefox/62.0"
(i = 15) argc: 30,argv[15]:
"HTTP_UPGRADE_INSECURE_REQUESTS=1"
(i = 16) argc: 30,argv[16]:
"HTTP_HOST=xyz.com"
(i = 17) argc: 30,argv[17]:
"HTTP_CONNECTION=keep-alive"
(i = 18) argc: 30,argv[18]:
"HTTP_CACHE_CONTROL=max-age=0"
(i = 19) argc: 30,argv[19]:
"HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5"
(i = 20) argc: 30,argv[20]:
"HTTP_ACCEPT_ENCODING=gzip, deflate, br"
(i = 21) argc: 30,argv[21]:
"HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
(i = 22) argc: 30,argv[22]:
"GATEWAY_INTERFACE=CGI/1.1"
(i = 23) argc: