C /CLI is patulous to a of C , its are right all types, include standard C kind, added pair of attribute, incident, rubbish to reclaim, reach extensive support.
Visual C 2005 expanded to using C /CLI (universal language infrastructure) develop the fictitious machine that runs at containing rubbish to reclaim to go up accuse a support that reachs applied process, and one C /CLI is pair of C programming language expands, its are right all types, include standard C kind, if attribute, incident, rubbish reclaims,added, reach extensive wait for character.
The library when Visual C 2005 supports.net Framework universal language to move (CLR) , its are rubbish reclaims the implementation of fictitious machine Microsoft. Visual C 2005 supports the C grammar of.NET process designing come from the evolution of mandatory and patulous C that introduces in Visual C .NET 2003, mandatory and patulous C still is supported, but deprecatory already below the circumstance of apt neologism law use. Visual C 2005 also added new character to this locality process designing at the same time, include support of 64 processor framework, reach the new library function that enhanced security.
In the article, when basically will explaining to come in the new environment that transplants existing old system to use CLR with the smallest price, what want the problem that face, the purpose is to decide whether these processes suffer the effect that the buffer with torment C/C old order spills over easily still.
Exemple name of user of input of user of 1 meeting requirement and password, besides eliminate user name, the program accepts "NCC-1701" to be effective password only. If the user inputted wrong password, the program will be exited. (the flaw that this program just regards C /CLI as code checks, is not to demonstrate how to process a code. ) exemple 1:
1.#include <stdlib.h>
2.#include <stdio.h>
3.#include <Windows.h>
4.Char Buff[1028];
5.Struct User {
6.Char *name;
7.Size_t Len;
8.Int Uid;
9.};
10.Bool Checkpassword() {
11.Char Password[10];
12.Puts("Enter 8 Character Password:" ) ;
13.Gets(password);
14.If (strcmp(password, "NCC-1701" )==0) {
15.Return True;
16.}
17.Else {
18.Return False;
19.}
20.}
21.Int Main(int Argc, char *argv[]) {
22.Struct User *usERP = (struct User *)0xcdcdcdcd;
23.Size_t UserNameLen = 0xdeadbeef;
24.UserP = (struct User *)malloc(sizeof(user));
25.Puts("Enter User Name:" ) ;
26.Gets(buff);
27.If (! Checkpassword()) {
28.UserNameLen = Strlen(buff) 1;
29.UserP->len = UserNameLen;
30.UserP->name = (char *)malloc(userNameLen);
31.Strcpy(userP->name, buff); // Log Failed Login Attempt
32.Exit(-1);
33.}
34.}
The program begins to carry out from 21 Main() , in 25 reached 26 exercise to use a pair of Puts() and Gets() to hint input user name, brought about to input buffer character array from the standard (statement is in the 4th) do not suffer pilot string to duplicate, the place of this two place in the program can cause the leak that a buffer spills over likely. Checkpassword() function is called by 27 in Main() , input a password in user of the 12 clew in reaching 13, this also was to use a pair of Puts()/gets() . The buffer of password character array that also can bring about a definition to go up in stack to be being called the 2nd times of Gets() spills over.
Previous12 Next
Hot Tags: