Saturday, August 29, 2015

Code and the modern IDE

What is the difference between

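#include <stdio.h>

int main(){
     char name[40];
     gets(name);   /* unbounded read: writes past name[] when the input is longer than 39 characters */
     /* sizeof(name) is the constant 40, so this test never sees the input length */
     if((int) sizeof(name) > 39*4){
         printf("Something went wrong!!!");
     }
     else{
         printf("%s\n", name);
     }
}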

and

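#include <stdio.h>

int main(){
     char name[40];
     gets_s(name, sizeof(name));   /* bounded read: the buffer size is passed, so name[] cannot be overrun */
     /* sizeof(name) is the constant 40, so this test never sees the input length */
     if((int) sizeof(name) > 39*4){
         printf("Something went wrong!!!");
     }
     else{
         printf("%s\n", name);
     }
}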

Not much. The first example shows a primitive way to check the input for a buffer overflow condition. Unfortunately, the function gets() itself has a buffer overflow problem, so it is useless to rely on this function for checking the length of the input. Programmers should use the gets_s() function instead. These days, modern IDEs check for old and deprecated functions that are not secure to use, so programmers will not make this kind of mistake. For example, Visual Studio (I used VS2013 in this example) will not even compile this code into an executable unless we force the compiler to ignore security checking.


Why would someone run this command if the previous code was compiled as driver.exe?
python -c "print('\x42'*41)" | driver.exe
 
Note: To compile the first example, you might have to turn off the error messages that would otherwise stop it from compiling. This can be done in the project's properties (see image below) or by adding the code below to the source file in Visual Studio, before the preprocessor #include lines.

#ifdef _MSC_VER
#define _CRT_SECURE_NO_WARNINGS
#endif
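
An added example, not part of the original post: a length check that can actually fire, since `sizeof(name)` in both listings above is the constant 40 and says nothing about the input. It uses standard `fgets` rather than `gets_s` (which is an optional C11 Annex K function); `read_name`, `read_name_from_string` and the status names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum read_status { READ_OK = 0, READ_TOO_LONG = 1, READ_EOF = -1 };

/* Read one line into buf, whose capacity cap includes the terminating NUL.
 * Never stores more than cap bytes; an oversized line is drained and
 * reported instead of being allowed to overflow the buffer. */
enum read_status read_name(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return READ_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';              /* whole line fit: drop newline */
        return READ_OK;
    }
    /* No newline stored: the input ended, or the line filled the buffer. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return READ_OK;                   /* exactly cap-1 chars, or EOF */
    while (c != EOF && c != '\n')         /* discard the rest of the line */
        c = fgetc(in);
    return READ_TOO_LONG;
}

/* Demo helper (hypothetical): run read_name over a constructed input. */
enum read_status read_name_from_string(const char *input, char *buf, size_t cap)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return READ_EOF;
    fputs(input, f);
    rewind(f);
    enum read_status st = read_name(f, buf, cap);
    fclose(f);
    return st;
}

int main(void)
{
    char name[40];
    if (read_name(stdin, name, sizeof name) != READ_OK) {
        printf("Something went wrong!!!\n");
        return 1;
    }
    printf("%s\n", name);
    return 0;
}
```

Fed the 41-character input from the command above, this program prints the error message and leaves `name` holding only the first 39 characters.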