#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char file_name[100];               /* fixed-size buffer on the stack */

    if (!argv[1]) {
        printf("File Name: ");
        gets(file_name);               /* no bound: writes past the 100 bytes */
    } else
        strcpy(file_name, argv[1]);    /* no bound: argv[1] can be any length */

    printf("\nFile Name: %s\n", file_name);
    return 0;
}
The above code is vulnerable to buffer overflow in two locations.
Unfortunately, you still see this pattern in lots of code.
The program takes a file name and prints it to the screen. If the file name is given as the first argument it copies that into the buffer and prints the buffer; if not, it asks the user for it.
    gets(file_name);

is the first vulnerability.
gets() takes no size parameter, so it cannot know how big the buffer is and simply writes everything it reads into it. If the user types more than 99 characters (100 minus the terminating null) the buffer overflows and the program may crash or behave unpredictably.
    } else
        strcpy(file_name, argv[1]);

strcpy also does not take the size of the buffer into account: it copies until it reaches the null terminator of argv[1], however long that is.
The following code is not vulnerable to buffer overflow:
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char file_name[100];

    if (!argv[1]) {
        printf("File Name: ");
        /* fgets writes at most size-1 characters plus a null terminator;
           it returns NULL when there was nothing to read */
        if (!fgets(file_name, sizeof(file_name) - 1, stdin)) {
            puts("No text entered");
            return 0;
        }
        /* strip the trailing newline only if fgets actually kept one */
        if (*file_name && file_name[strlen(file_name) - 1] == '\n')
            file_name[strlen(file_name) - 1] = 0;
    } else {
        strncpy(file_name, argv[1], sizeof(file_name) - 1);
        file_name[sizeof(file_name) - 1] = 0;   /* strncpy adds no null when argv[1] fills the count */
    }

    printf("\nFile Name: %s\n", file_name);
    return 0;
}
My tips for avoiding buffer overflows:
- Protect access to variables. Free access is asking for exploits.
- If you can't protect access (servers & clients etc.), monitor what goes in and out.
- Size your buffers according to what you are going to put in them; fixed-size buffers are asking for problems.
- Make sure you know the functions you are using, what they do to buffers, and exactly what each argument is for. Some functions will write one byte past the parameter giving the maximum number of bytes to write to a buffer, so that they can null-terminate it.
Notice how I used "sizeof(buffer)-1" instead of "sizeof(buffer)".
In general I would always give functions a byte of leeway each time.
Also use your common sense.
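As an added example (not part of the original post), here are the two safe patterns from the fixed program as reusable helpers: a bounded copy that always terminates the buffer and reports truncation, a fgets-based line reader that only strips a newline that is really there and drains the rest of an over-long line, and a small check showing the strncpy behaviour the tips warn about, namely that strncpy leaves no terminator when the source fills the whole count. The function names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst[dst_size], always leaving a terminator.
   Returns 1 if the whole string fitted, 0 if it was truncated. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0) return 0;
    if (len >= dst_size) {              /* too long: keep what fits, then terminate */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, len + 1);          /* fits, terminator included */
    return 1;
}

/* Read one line into buf[buf_size] with fgets, strip the newline only if
   one is present, and discard the rest of an over-long line so it cannot be
   read as the next input. Returns 1 if the line fitted, 0 if it was cut,
   -1 on end of input (buf is untouched in that case). */
int read_line(char *buf, size_t buf_size, FILE *fp)
{
    int c, dropped = 0;
    size_t len;
    if (fgets(buf, (int)buf_size, fp) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    while ((c = getc(fp)) != '\n' && c != EOF)   /* drain the remainder */
        dropped++;
    return dropped ? 0 : 1;
}

/* Shows the strncpy pitfall: when strlen(src) >= n, strncpy writes n bytes
   and no terminator. Returns 1 if a terminator landed within the first n
   bytes of dst, 0 if not. The 'X' fill stands in for stack garbage; n <= 100. */
int strncpy_leaves_terminator(const char *src, size_t n)
{
    char dst[100];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}
```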
EDIT: Sorry for the indentation, the codeboxes screwed up.