:: Re: [DNG] Systemd Shims
Página Inicial
Delete this message
Reply to this message
Autor: shraptor
Data:  
Para: dng
Assunto: Re: [DNG] Systemd Shims
How to learn C if you don't try it?

You have to code in it to learn the lessons.
Just reading a book about it isn't the same.


On 2015-08-19 20:09, Edward Bartolo wrote:
> Effectively, you are telling me don't play Russian Roulette with C.
> But I like powerful languages that leave the coder in the wilderness
> without any hand holding, and C is definitely like that. That is why I
> am motivated to use it. The power inherent in C is due to it not
> getting in the way of the coder, and I like that.
>
>
>
> On 19/08/2015, Rainer Weikusat <rainerweikusat@???> wrote:
>> Rainer Weikusat <rainerweikusat@???> writes:
>>
>>> Edward Bartolo <edbarx@???> writes:
>>>> I am not assuming anything and understand the risks of buffer
>>>> overflows. The first step I am taking is to make the code function.
>>>> The second step is further debug it until it behaves properly and
>>>> the
>>>> third step is to correct any potential security issues.
>>>
>>> Realistically, the first step is 'make the code function', the second
>>> step is 'graduate from university based on your thesis' and the 3rd
>>> was
>>> called 'heartbleed', IOW, that's not going to happen in this way. If
>>> you're doing string processing in C, try to do it correctly from the
>>> start. That's much easier than retrofitting proper length/ size
>>> handling
>>> onto
>>> some working code.
>>
>> Example program showing a safe/ secure (and somewhat simplified)
>> saveFile:
>>
>> --------
>> #include <alloca.h>
>> #include <stdio.h>
>> #include <string.h>
>>
>> #define IFACE_TMPL \
>>     "auto lo\n" \
>>     "iface lo inet loopback\n\n" \
>>     "iface wlan0 inet dhcp\n" \
>>     "    wpa-ssid %s\n" \
>>     "    wpa-psk \"%s\"\n"

>>
>> #define IFACES_PATH "/tmp"
>>
>> static void saveFile(char* essid, char* pw) //argv[1], argv[2]
>> {
>>     char *path;
>>     FILE *fp;
>>     unsigned p_len, e_len;

>>
>>     p_len = strlen(IFACES_PATH);
>>     e_len = strlen(essid);
>>     path = alloca(p_len + e_len + 2);

>>
>>     strcpy(path, IFACES_PATH);
>>     path[p_len] = '/';
>>     strcpy(path + p_len + 1, essid);

>>
>>     fp = fopen(path, "ab+");
>>     fprintf(fp, IFACE_TMPL, essid, pw);
>>     fclose(fp);
>> }

>>
>> int main(int argc, char **argv)
>> {
>>     saveFile(argv[1], argv[2]);
>>     return 0;
>> }
>> _______________________________________________
>> Dng mailing list
>> Dng@???
>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

>>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng