[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [CPROG] Hvad går der galt?



Egon Petersen <sslug@sslug> writes:

Jeg vil i øvrigt ikke undlade at påpege et væld af potentielle fejl og
sikkerhedshuller.

> Hej med jer.
>
> Af en eller anden grund virker følgende kildetekst ikke:
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
>
> int sorterA(char [10][81]);
>
> int main(int argc, char *argv[])
> {
>   char navn[10][81];
>   int taeller, res;
>
>   for (taeller=0;taeller<10;taeller++)
>   {
>     printf("Indtast venligst navn nr. %d: ", taeller+1);
>     gets(navn[taeller]);
>   }

gets() er farlig. Den tjekker ikke at brugeren af programmet ikke
laver navne på mere end 80 tegn. Hvis de gør så vil dit program lave
underlige ting. Det vil dels give nogle fejl der er svære at opdage og
er dels et potentielt sikkerhedshul.

Brug fgets() istedet.

    fgets(navn[taeller],81,stdin);

>       if (strcmp(navn[tael2],navn[tael2+1])>0)
>       {
>         strcpy(streng, navn[tael2]);
>         strcpy(navn[tael2], navn[tael2+1]);
>         strcpy(navn[tael2+1], streng);
>       }

Omtrendt samme problem giver strcmp og strcpy. Her skal du istedet
bruge strncmp og strncpy der begge tager en størelse som tredje
argument. 

Når du nu skal bruge størelsen på dine navnestrenge så mange steder
kunne det være smart at definerer en NAMESIZE et enkelt sted så du
ikke laver fejl hvis du pludselig opdager at det kan være nødvendigt
at behandle navne der er længere.


Det kan godt være at det virker lidt unødvendigt, men det er bedst at
træne god programmeringsskik fra begyndelse uanset hvilken størelse
programmer man laver.

-- 
 Peter Makholm     |              I have no caps-lock but I must scream...
 sslug@sslug |                                               -- Greg
 http://hacking.dk |                                                      


 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 20:10 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *