#include
#include
#include
#define Message "Hello, world! World!! Int Main()
{Char *buffer = Malloc(sizeof(char) * (strlen(message) 1));Strcpy(buffer, message);Printf("%sn" , buffer);Return 0;
}
Program 1 than the program 2 get simply much, and in this specific example, both can work very well. We have a such case suppose: I had known the length of the string that manages here, accordingly, I can define a proper array length. But, in CGI program, the string that you do not know to input can have how long. Cite a case, if the length of information is more than 80 Char, so program 1 meeting breaks down (namely the " that we say normally spills over " ) .
This is called Buffer Overflow, clever Hacker can use this to execute an order remotely. In the NCSA Httpd V1.3 of Bug consist in that this amortize spills over. This is why a network (or CGI) the very good example that programmer needs more attentive process designing. In the machine of an odd user, amortize spills over to be able to cause a system to break down only. Do not have in the odd user computer that break down necessary use amortize excessive to come out to execute an order, because probably any orders that you had executed you to need (besides communal terminal) . However, in network system, a CGI program that break down is far not be so simple, it can make the back door that enters without the user of accredit.
2 medium code settled the program two problems. Above all, its dynamic allocation the enough space of memory string. Next, the length that notices my general message was added 1. Such, I allocated actually more than string length the memory of 1 byte. This assures string won't be 0. Because target character always can be additional character to stay,be free, strcpy() function added empty character of string finally in the target, strcpy() placed empty character. Doing not have reason to think to travel the string that presents CGI scenario can be empty character, accordingly, to be ready for any eventuality, I took the space of 1 byte finally.
Your C program avoided if to spill over like amortize such problem, so you can draw up safe CGI program. However, this is hard work, the CGI that becomes you especially is very big more complex when. These problems will force you to cost the design job that than general CGI job more times ponder vulgar language. Be based on this reason, you may prefer a bit more advanced programming language (like Perl) .
However, the Perl that has advanced characteristic is having rash one side. Although you can assume Perl handles the memory of string correctly, but when a bit more advanced grammar that uses you not to notice when Perl does a few businesses, probable meeting has risk. In issueing your can clearer understanding arrives.
2-2.shell dangerous sex
Very much CGI task can use the implementation with other very easy programs. For example, you should write the mail gateway of a CGI, using CGI program completely to come to those who finish executive post send a representative is very madness. More practical method is the mail that conveys data to exist to through conduit deferent representative program, for instance Sendmail, let Sendmail finish the job that leave next. This kind of habit is very good be worth to encourage.
Previous 1 2 34 Next