
securely read an integer

This is C.

1. My question is how would I read in an integer securely from stdin.

I saw the following snippets:
http://www.daniweb.com/code/snippet441.html
http://www.daniweb.com/code/snippet597.html

Would those functions protect from integer overflows/underflows AND format string attacks?


2. What about strings?
Does a simple use of fgets protect from buffer overflows AND format string attacks?

belhifet
 
> Would those functions protect from integer overflows/underflows

yes -- did you read those links you posted?

> AND format string attacks?

:?: are we playing Pac-Man game here?

> 2. What about strings?
> Does a simple use of fgets protect from buffer overflows AND format string attacks?

buffer overflows -- yes. Again, I don't know what a "string attack" is.

Ancient Dragon
 

> Does a simple use of fgets protect from buffer overflows
Only so long as you're honest about the size of your buffer.

char buff[10];
fgets( buff, 100, stdin );

Isn't any better than gets()
OK, it's limited damage compared to gets(), but it's still a hell of a lot worse than no damage at all.

> AND format string attacks?
fgets() doesn't use format strings, so it's not an issue.

Salem
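
An added example, not code from this thread or from the linked snippets: one way to read an integer along the lines discussed above, with fgets() given the real buffer size, strtol() with range checks, and the input never used as a format string. The names parse_int and read_int and the 32-byte buffer are assumptions made for the illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse one line as a decimal int. Returns 0 on success, -1 on any
   rejected input: empty, non-numeric, trailing junk, or out of range. */
int parse_int(const char *line, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(line, &end, 10);
    if (end == line)                      /* no digits at all */
        return -1;
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -1;                        /* would overflow/underflow an int */
    while (*end == ' ' || *end == '\t' || *end == '\n' || *end == '\r')
        end++;
    if (*end != '\0')                     /* trailing junk such as "12abc" */
        return -1;
    *out = (int)v;
    return 0;
}

/* Read one line from fp and parse it. Returns 0 on success, -1 on
   EOF, an over-long line, or input that parse_int rejects. */
int read_int(FILE *fp, int *out)
{
    char buf[32];
    if (fgets(buf, sizeof buf, fp) == NULL)   /* size is the real buffer size */
        return -1;
    if (strchr(buf, '\n') == NULL && !feof(fp)) {
        int c;                                /* line did not fit: discard the rest */
        while ((c = getc(fp)) != EOF && c != '\n')
            ;
        return -1;
    }
    return parse_int(buf, out);
}

int main(void)
{
    int n;
    if (read_int(stdin, &n) != 0)
        return puts("invalid input"), 1;
    printf("got %d\n", n);                    /* the format is a constant, never the input */
    return 0;
}
```

Discarding the remainder of an over-long line keeps the leftover characters from being read as the next answer.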
 
