The blog post has been reposted in all seriousness (a Google search returns 154,000 results, many of them on well-known technical websites), which is laughable. It is clearly junk: the quality is low and it is full of holes. It offers little technical nutrition and plenty of technical toxins.
Some people may subconsciously assume that anything in a foreign language is technically sound. But there is junk in foreign languages too, and plenty of foreign authors produce it, just as some foreign "experts" in the mold of Tan's "C language programming" have written best-selling junk books (for example, the C language book translated by the Post and Telecommunications Agency for everyone, see. We cannot blindly trust things from outside China, nor judge technical value by popularity or by how widely something is reposted.
int main(void)
{
    char buff[10];
    memset(buff,0,sizeof(buff));
    gets(buff);
    printf("\n The buffer entered is [%s]\n",buff);
    return 0;
}
memset(buff,0,sizeof(buff));
char buff[10] = { '\0' };
#include<stdio.h>
int main(int argc, char *argv[])
{
    int flag = 0;
    char passwd[10];
    memset(passwd,0,sizeof(passwd));
    strcpy(passwd, argv[1]);
    if(0 == strcmp("LinuxGeek", passwd))
    {
        flag = 1;
    }
    if(flag)
    {
        printf("\n Password cracked \n");
    }
    else
    {
        printf("\n Incorrect passwd \n");
    }
    return 0;
}
Answer: Yes. The authentication logic in the above password protector code can be compromised by exploiting the loophole of the strcpy() function. This function copies the password supplied by the user to the 'passwd' buffer without checking whether the length of the password supplied can be accommodated by the 'passwd' buffer or not. So if a user supplies a random password of such a length that it causes a buffer overflow and overwrites the memory location containing the default value '0' of the 'flag' variable, then even if the password matching condition fails, the check of flag being non-zero becomes true and hence the password protection is breached.
For example:
$./Psswd aaaaaaaaaaaaa
Password cracked
So you can see that though the password supplied in the above example is not correct but still it breached the password security through buffer overflow.
To avoid this kind of problem the function strncpy() should be used.
Note from author: These days the compilers internally detect the possibility of stack smashing and so they store variables on the stack in such a way that stack smashing becomes very difficult. In my case also, gcc does this by default, so I had to use the compile option '-fno-stack-protector' to reproduce the above scenario.
memset(passwd, 0, sizeof(passwd));
] To the string.
#include<stdio.h> main( argc, * passwd[], ( strcmp(, argv[] ) == //( strcmp(, passwd) ==
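The quoted answer recommends strncpy() for the password check above. The following is an added example, not code from this post or from the blog it quotes: it shows a length-checked copy for the same passwd[10] buffer, next to the two ways strncpy() on its own still goes wrong. The function names, the PASSWD_CAP macro, the return codes and the output strings are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define PASSWD_CAP 10  /* same size as passwd[10] in the quoted program */

/* Checked copy: 1 = match, 0 = mismatch, -1 = missing or over-long input. */
int check_password(const char *input)
{
    char passwd[PASSWD_CAP];
    size_t len;

    if (input == NULL)            /* argv[1] is NULL when no argument is given */
        return -1;
    len = strlen(input);
    if (len >= sizeof passwd)     /* no room for the terminator: reject, never truncate */
        return -1;
    memcpy(passwd, input, len + 1);
    return strcmp("LinuxGeek", passwd) == 0;
}

/* strncpy() alone: returns 1 if the copy left buf without a terminating NUL. */
int strncpy_leaves_unterminated(const char *input)
{
    char buf[PASSWD_CAP];

    strncpy(buf, input, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

/* strncpy() plus forced terminator: bounded, but compares a truncated value. */
int truncating_check(const char *input)
{
    char passwd[PASSWD_CAP];

    strncpy(passwd, input, sizeof passwd - 1);
    passwd[sizeof passwd - 1] = '\0';
    return strcmp("LinuxGeek", passwd) == 0;
}

int main(int argc, char *argv[])
{
    int rc = check_password(argc > 1 ? argv[1] : NULL);

    puts(rc == 1 ? "Password accepted" : rc == 0 ? "Incorrect passwd" : "Rejected input");
    return rc == 1 ? 0 : 1;
}
```

The truncating variant accepts any input that merely begins with the expected string, which is why the checked version rejects over-long input instead of shortening it.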