#1

    Need help for exam


    Hello,

    I need your help to find potential vulnerabilities in this code. I am not good at programming and I don't have so much to figure out vulnerabilities. So I need a fast solution now. The code is:

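    #include <stdio.h>
    #include <string.h>

    int my_filewrite(char *question) {
        char filename[100];
        int fd;
        printf(question);
        scanf("%s", filename);
        if (strlen(filename) > 100) {
            return 0;
        }
        /* the posted code ends here; the rest of the function is not shown */
    }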

    Thank you so much for the help.
  2. #2
    If the following if statement evaluates as true, it's too late to do anything about the problem.
    Code:
    if (strlen(filename) > 100)
    Never use a function that doesn't limit the number of characters that can be retrieved into your C-strings.

    There are several more problems but I think you need to try to solve some of them yourself.

    Jim
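
The point made in reply #2, as an added example that is not part of the original thread: the limit has to be enforced by the read itself, because a `strlen` check after an unbounded `scanf("%s", ...)` only runs once the buffer has already been overrun. `read_line_bounded`, `ask_filename` and `demo` are hypothetical names, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Read one line from `in` into out[out_size]. The limit is applied while
 * reading, so an over-long line is never written past the buffer.
 * Returns the stored length, or -1 on EOF/error or if the line did not fit. */
int read_line_bounded(FILE *in, char *out, size_t out_size)
{
    if (out_size < 2 || fgets(out, (int)out_size, in) == NULL)
        return -1;
    size_t len = strcspn(out, "\n");
    if (out[len] == '\n') {            /* whole line fit: drop the newline */
        out[len] = '\0';
        return (int)len;
    }
    /* No newline stored: either the input ended or the line was cut short. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return (int)len;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                              /* discard the rest of the long line */
    out[0] = '\0';
    return -1;
}

/* Bounded counterpart of the prompt-and-read step in the question. */
int ask_filename(FILE *in, const char *question, char *out, size_t out_size)
{
    fputs(question, stdout);           /* prompt is printed as data, not as a format */
    return read_line_bounded(in, out, out_size);
}

/* Demo helper: feeds a constructed input string through a temporary file. */
int demo(const char *input, char *out, size_t out_size)
{
    FILE *f = tmpfile();
    if (f == NULL) return -2;
    fputs(input, f);
    rewind(f);
    int n = ask_filename(f, "File name: ", out, out_size);
    fclose(f);
    return n;
}

int main(void)
{
    char name[8];   /* small buffer so the over-long case is easy to see */
    printf(" -> %d\n", demo("a.txt\n", name, sizeof name));
    printf(" -> %d\n", demo("much_too_long.txt\n", name, sizeof name));
    return 0;
}
```

An over-long line is rejected and drained instead of being truncated silently, so the caller never acts on a partial file name.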
