Berkeley CSUA MOTD:Entry 15358
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/05/25 [General] UID:1000 Activity:popular
5/25    

1999/2/4-5 [Computer/SW/Languages] UID:15358 Activity:high
2/3     Spot the buffer overflow.  I dunno...I think this rules.  Lifted
        from actual source.  ~sky/bof.c         --sky
        \_ This does rule.  What actual source was it lifted from?
           \_ NFR by Marcus Ranum...  Its an intrusion detection
              package.  For those who need hints, it has nothing
              to do with string null termination, off by one, etc...  --sky
              \_ It just uses the canonical Evil Input Function
                 \_ There's nothing wrong with fgets. Were you thinking of gets?
        \_ my guess: atoi goes funky for certain inputs
           \_ Nope, atoi always returns a value between LONG_MIN and LONG_MAX.
              See strtol(3).
        \_ returning a pointer to a static char buf which probably no longer
           exists after being returned.
           \_ It is static, therefore, it still exists.  Static variables
              are allocated ONCE and retained between function calls.  -PeterM
                \_ Yeah I know but I had to guess _something_ different.  I
                   think it works.  I think this is a test of everyone's
                   gullibility.... I just checked.  It doesn't even compile
                   bc 'stdout' doesn't exist.  It's a scam.
                   \_ duh.  add '#include <stdio.h>'   --sky
                        \_ It was a trick.
        \_ Does this occur only for special values of the input?
        \_ I guess when the user enters something like "-1", strncpy will
           treat the len argument as being 4294967295 because size_t is
           unsigned, and overflows the buffer.  Correct?  -- yuen
           \_ yep. strncpy takes size_t which is unsigned.  len in an int,
              so -1 < 99, yet when passed to strncpy len becomes
              4294967295.  -sky
2025/05/25 [General] UID:1000 Activity:popular
5/25    

You may also be interested in these entries...
2014/1/14-2/5 [Computer/SW/Languages/C_Cplusplus] UID:54763 Activity:nil
1/14    Why is NULL defined to be "0" in C++ instead of "((void *) 0)" like in
        C?  I have some overloaded functtions where one takes an integer
        parameter and the other a pointer parameter.  When I call it with
        "NULL", the compiler matches it with the integer version instead of
        the pointer version which is a problem.  Other funny effect is that
        sizeof(NULL) is different from sizeof(myPtr).  Thanks.
	...
2010/8/12-9/7 [Computer/SW/Languages] UID:53921 Activity:nil
8/12    Judge Walker denies Stay. Prop 8 null and void from next Wednesday:
        <DEAD>ecf.cand.uscourts.gov/cand/09cv2292<DEAD>
	...
2009/8/27-9/9 [Computer/SW/OS/Windows] UID:53306 Activity:nil
8/27    '"Fatal flaw" in Windows 7 raising eyebrows'
        http://tech.yahoo.com/blogs/null/146995
        \_ stupid journalism. --mac user
	...
2009/4/30-5/6 [Computer/Theory] UID:52923 Activity:nil
4/30    Sorting question!  I have n sorted arrays of doubles.  What's the
        fastest way to sort them into 1 big sorted array?
        \_ as mentioned below: you are describing one half of mergesort
        \_ You really have to ask this question?
           \_ You don't know either, huh?
        \_ If three are n sorted arrays of m doubles each, I think the fastest
	...
2009/3/29-4/3 [Computer/HW/Laptop, Science/GlobalWarming] UID:52768 Activity:high
3/29    "Leaving computers on overnight = $2.8 billion a year"
        http://tech.yahoo.com/blogs/null/130078
        \_ Not good for hardware to power it up and down all the time. I
           always leave all my computers on all the time, except for
           laptops which I allow to sleep (but still be powered).
           \_ How is this the case for desktops but not laptops?  I don't see
	...
2009/1/26-2/1 [Computer/SW/SpamAssassin] UID:52462 Activity:nil
1/26    Can somebody show me a procmail rule which drops email from
        users {foo, bar, baz}@{host1,host2,host3}.berkeley.edu.
        I dont want to have to create a rule set like this for
        each combination:
        :0:
        * ^From: cfengine@host.berkeley.edu
	...
2009/1/21-26 [Computer/SW/Languages/Java, Computer/HW/Memory] UID:52436 Activity:nil
1/21    If I have a linked list of structs and many of those structs have
        members that are structs then what is the best way to free() the
        memory when I am done with them? I thought I would walk the list
        and do a free() on each member of each struct, but that generates
        errors like free(): invalid pointer, presumably because I don't
        always allocate memory in each struct. No, I never took a class in
	...
2008/7/14-16 [Computer/SW/Languages/Perl, Computer/SW/Unix] UID:50557 Activity:moderate
7/14    Shell Programming question: I want to call a script with 1 arg
        and have it figure out whether $1 is a MAC address or an IP address
        and then do call the appropriate function.  What is the best way
        to do this, given that sh/bash/ksh do not have something like
        the =~ in perl.  Check for exit status of grep, or is there a
        a better way?  For the moment, let's just say the two tests are:
	...
2008/6/27-7/14 [Computer/SW/OS/Windows] UID:50396 Activity:nil
6/27    "No extension: Windows XP D-Day arrives Monday, June 30"
        http://tech.yahoo.com/blogs/null/96295
        Among all Windows versions, is XP one of the most sucessful ones?  The
        other one I can think of might be 3.1.
        \_ 2000 was pretty damn good too.
        \_ Win95? It ran the most games. XP seems better than Win2k to me, but
	...
2008/7/11-13 [Computer/SW/OS/Misc] UID:50541 Activity:kinda low
7/11    Does anyone know a way to find out all the environment variables for
        a running process aside from ps?  I'm doing this on AIX, and while
        ps eww <pid> gives some of the environment vars, it seems to stop at
        2000 characters or so.
        \_ have you tried ps ewww? That works in some flavors of Unix.
        \- agree with ps -e. otherwise, on AssOS, /proc/<pid>/environ ...
	...
2008/6/9-12 [Computer/SW/Languages/C_Cplusplus, Computer/SW/Security] UID:50194 Activity:nil
6/8     CSUA code guru please help. I need to see my random number
        generator with a good seed (I just need random 18 bit
        identifiers). The usual time(NULL) is OK, except my program
        might be invoked faster than once a second, and seeding using
        time() produced the same result. I tried clock() but it seems
        to return 0. My program needs to be run in Linux/DOS (Watcom
	...
2008/3/10-13 [Computer/SW/SpamAssassin] UID:49412 Activity:nil
3/10    Is there a reliable way to control spam on soda?
        Can someone write an "any undergrad can do it" level FAQ?  Thanks.
        \_ echo "/dev/null" > ~/.forward
        \_ I use Thunderbird to check my soda mail.
        \_ Forward to gmail.  Let google's spam filter work for you.
        \_ I use spamassassin. I just checked and it caught all but one of
	...