What would be a safe and practical way to copy a string as defined by this
prompt in C?
The purpose of this function is to copy a string into a "buffer" -
essentially another string. However, the problem seems overly complicated
than what would be practical.
"Copies at most n-1 characters of string in into the buffer pointed to by
out. If n is reached, returns -2. Otherwise, returns -1 for malformed
input and 0 upon successful completion."
This is what I have:
#include <stdio.h>
#include <assert.h>
int copyStringN(register char *in, register char *out, register int n){
//Declarations
int i; //Dummy index
if(!in || !out) return -1;
for(i=0; i<n; i++){
*out++ = *in++;
}
*out = '\0';
return 0;
}
int main(void){
//Declarations
char in[] = "I'm not trying to inject malicious code...\\x29A.";
const int N = sizeof(in);
char out[N];
int err;
//Main execution
printf("\nThis function will copy at most n-1 characters of string
into\nthe buffer pointed to by out.\n\n");
err = copyStringN(in, out, N);
assert(!err);
printf("%s\n", out);
printf("\nPlease press enter to exit...");
getchar();
return 0;
}
This general form was suggested, but it seems overly convoluted than what
needs to be done. Why would n ever be reached? The execution should stop
before n. Furthermore, wouldn't N = sizeof(in) match the length of the
original string?
Personally, I would rather use a function closer to
int copyStringN(register char *in, register char *out)
{
if((!in || !out) && (sizeof(in)<=sizeof(out))) return -1;
else{
while(*t++ = *from++);
return 0;
}
}
int main(void){
//Declarations
char in[] = "I'm not trying to inject malicious code...\\x29A.";
const int N = sizeof(in);
char out[N];
int err;
..
..
..
I believe it would have the same effect with less statements. Let me make
this more of a question, how could I write a function that copies a string
into another array with the protection defined in the prompt? Also, are
the two programs that I presented somehow vulnerable in a way I don't
recognize?
Constructive input is appreciated.
No comments:
Post a Comment