Shoot yourself in the foot when handling input data

Brief Preface

FreeSWITCH

static const char *basic_gets(int *cnt)
{
....
int c = getchar();
if (c < 0) {
if (fgets(command_buf, sizeof(command_buf) - 1, stdin)
!= command_buf) {
break;
}
command_buf[strlen(command_buf)-1] = '\0'; /* remove endline */
break;
}
....
}

NcFTP

static int NcFTPConfirmResumeDownloadProc(....)
{
....
if (fgets(newname, sizeof(newname) - 1, stdin) == NULL)
newname[0] = '\0';
newname[strlen(newname) - 1] = '\0';
....
}

OpenLDAP

int main( int argc, char **argv )
{
char buf[ 4096 ];
FILE *fp = NULL;
....
if (....) {
fp = stdin;
}
....
if ( fp == NULL ) {
....
} else {
while ((rc == 0 || contoper)
&&
fgets(buf, sizeof(buf), fp) != NULL) {
buf[ strlen( buf ) - 1 ] = '\0'; /* remove trailing newline */
if ( *buf != '\0' ) {
rc = dodelete( ld, buf );
if ( rc != 0 )
retval = rc;
}
}
}
....
}
while (.... && fgets(buf, sizeof(buf), fp) != NULL) {
buf[ strlen( buf ) - 1 ] = '\0';
....
}

libidn

int main (int argc, char *argv[])
{
....
else if (fgets (readbuf, BUFSIZ, stdin) == NULL)
{
if (feof (stdin))
break;

error (EXIT_FAILURE, errno, _("input error"));
}
if (readbuf[strlen (readbuf) - 1] == '\n')
readbuf[strlen (readbuf) - 1] = '\0';
....
}
int main (int argc, char *argv[])
{
....
else if (getline (&line, &linelen, stdin) == -1)
{
if (feof (stdin))
break;
error (EXIT_FAILURE, errno, _("input error"));
}
if (line[strlen (line) - 1] == '\n')
line[strlen (line) - 1] = '\0';
....
}
if (strlen (line) > 0)
if (line[strlen (line) - 1] == '\n')
line[strlen (line) - 1] = '\0';

Static Analysis and Security

Conclusion

--

--

--

Head of DevRel at PVS-Studio LLC LinkedIn: https://www.linkedin.com/in/fotoshooter/

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

My Learnings With Thinking Of A Solution For A Problem….

Raspberry Pi Based Home Karaoke System (personalized for lazy people like me)

Why to Have and How to Support Multi-Cloud Environments

Role of Stacks and Queues in problem solving.

Similarities of Coding & Corona

ANU#47 — Improved Checkout Flow, App Bundles, the AppCoins Universe

Going multicloud? These are the 6 biggest challenges

Safe Unlink

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sergey Vasiliev

Sergey Vasiliev

Head of DevRel at PVS-Studio LLC LinkedIn: https://www.linkedin.com/in/fotoshooter/

More from Medium

Reviewing functional programming

An image with a lambda character and the text “Functional Programming” below.

How to start working on large code base

Do Senior Engineers write less code?

Summary of What I learned in Design Pattern: Prototype