This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Edit this file to introduce tasks to be run by cron. | |
| # | |
| # Each task to run has to be defined through a single line | |
| # indicating with different fields when the task will be run | |
| # and what command to run for the task | |
| # | |
| # To define the time you can provide concrete values for | |
| # minute (m), hour (h), day of month (dom), month (mon), | |
| # and day of week (dow) or use '*' in these fields (for 'any').# | |
| # Notice that tasks will be started based on the cron's system |
int0x33
/ gets.c
Last active
February 17, 2019 12:05
https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| int main () { | |
| char username[8]; | |
| int allow = 0; | |
| printf external link("Enter your username, please: "); | |
| gets(username); // user inputs "malicious" | |
| if (grantAccess(username)) { | |
| allow = 1; | |
| } | |
| if (allow != 0) { // has been overwritten by the overflow of the username. |
int0x33
/ fgets.c
Created
February 17, 2019 12:06
https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #define LENGTH 8 | |
| int main () { | |
| char* username, *nlptr; | |
| int allow = 0; | |
| username = malloc(LENGTH * sizeof(*username)); | |
| if (!username) | |
| return EXIT_FAILURE; |
int0x33
/ strcpy.c
Created
February 17, 2019 12:10
https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| char str1[10]; | |
| char str2[]="WeWantToOverwriteMemory"; | |
| strcpy(str1,str2); |
int0x33
/ strlcpy.c
Created
February 17, 2019 12:12
https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #ifndef strlcpy | |
| #define strlcpy(dst,src,sz) snprintf((dst), (sz), "%s", (src)) | |
| #endif | |
| enum { BUFFER_SIZE = 10 }; | |
| int main() { | |
| char dst[BUFFER_SIZE]; |
int0x33
/ strncpy.c
Created
February 17, 2019 12:13
https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| enum { BUFFER_SIZE = 10 }; | |
| char str1[BUFFER_SIZE]; | |
| char str2[]="abcdefghijklmn"; | |
| strncpy(str1,str2, BUFFER_SIZE); /* limit number of characters to be copied */ | |
| // We need to set the limit to BUFFER_SIZE, so that all characters in the buffer | |
| // are set to '\0'. If the source buffer is longer than BUFFER_SIZE, all the '\0' | |
| // characters will be overwritten and the copy will be truncated. | |
| if (str1[BUFFER_SIZE-1] != '\0') { |
int0x33
/ sprintf.c
Created
February 17, 2019 12:22
https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| enum { BUFFER_SIZE = 10 }; | |
| int main() { | |
| char buffer[BUFFER_SIZE]; | |
| int check = 0; | |
| sprintf(buffer, "%s", "This string is too long!"); |
int0x33
/ snprintf.c
Created
February 17, 2019 12:24
https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| enum { BUFFER_SIZE = 10 }; | |
| int main() { | |
| char buffer[BUFFER_SIZE]; | |
| int length = snprintf(buffer, BUFFER_SIZE, "%s%s", "long-name", "suffix"); | |
int0x33
/ format.c
Created
February 17, 2019 12:29
https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #FormatString.c | |
| #include <stdio.h> | |
| int main(int argc, char **argv) { | |
| char *secret = "This is a secret!\n"; | |
| printf external link(argv[1]); | |
| return 0; | |
| } |
int0x33
/ safefile.c
Created
February 17, 2019 12:43
https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <unistd.h> | |
| #include <stdio.h> | |
| #include <fcntl.h> | |
| #include <stdlib.h> | |
| #define MY_TMP_FILE "/tmp/file.tmp" | |
| enum { FILE_MODE = 0600 }; | |
| int main(int argc, char* argv[]) |