How do I patch this code on Linux?

0 c linux buffer-overflow

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main(int argc, char **argv) {
    char command[50] = "echo ";
    strcat(command,argv[1]); // concatenate the input so that the final command is "echo <input>"
    system(command); // call the system() function to print the input
    return 0; // denote that the program has finished executing successfully
}
```

Can we get remote access by running this code? I know it is possible, but please help me patch it.

pax*_*blo 6

Assuming you are worried about the potential buffer overflow, you can fix it like this:

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main (int argc, char **argv) {
    char *command;
    if (argc != 2) {
        fprintf (stderr, "Wrong number of arguments\n");
        return 1;
    }
    // size the buffer for the input: "echo " (5) + strlen(argv[1]) + NUL (1)
    if ((command = malloc (strlen (argv[1]) + 6)) == NULL) {
        fprintf (stderr, "Could not allocate memory\n");
        return 1;
    }
    strcpy (command, "echo ");
    strcat(command,argv[1]);
    system(command);
    free (command);
    return 0;
}
```

That leaves enough room for "echo " (5), argv[1] (its string length) and the null terminator (1).

Allowing the user to specify something that gets run is still potentially dangerous, but at least you will no longer get a buffer overflow.
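As an added example (not code from the original question or answer), the sizing rule from the answer wrapped in a function that uses a bounded `snprintf`, plus a hypothetical allow-list check that addresses the second point: a correctly sized buffer stops the overflow but does nothing about `system()` handing the input to a shell, so the input itself is also restricted to characters the shell does not interpret.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PREFIX "echo "
#define PREFIX_LEN (sizeof(PREFIX) - 1) /* 5 bytes, the "echo " in the answer */

/* Build "echo <input>" in a heap buffer sized exactly as the answer describes:
 * prefix (5) + strlen(input) + NUL (1). Returns NULL on allocation failure;
 * the caller frees the result. */
char *build_echo_command(const char *input) {
    size_t need = PREFIX_LEN + strlen(input) + 1;
    char *command = malloc(need);
    if (command == NULL)
        return NULL;
    /* snprintf is bounded by 'need': a miscounted size would truncate the
     * command rather than write past the buffer, unlike strcat above. */
    snprintf(command, need, "%s%s", PREFIX, input);
    return command;
}

/* Hypothetical allow-list (assumption, not from the answer): accept only
 * alphanumerics and a few punctuation characters, so the string reaching
 * system() contains nothing the shell treats as a separator, substitution,
 * redirection, quoting or glob. Returns 1 if every byte is allowed. */
int is_safe_echo_arg(const char *input) {
    for (const unsigned char *p = (const unsigned char *)input; *p; p++) {
        if (!isalnum(*p) && strchr(" .,-_:/", *p) == NULL)
            return 0;
    }
    return 1;
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "Wrong number of arguments\n");
        return 1;
    }
    if (!is_safe_echo_arg(argv[1])) {
        fprintf(stderr, "Input contains characters not allowed in a shell command\n");
        return 1;
    }
    char *command = build_echo_command(argv[1]);
    if (command == NULL) {
        fprintf(stderr, "Could not allocate memory\n");
        return 1;
    }
    int status = system(command);
    free(command);
    return status == 0 ? 0 : 1;
}
```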