An example of what the program should do:
./executable ls -l
should do the same as
ls -l
so basically it's a useless interpreter for shell commands.
I've created a string fullpath that contains /bin/commandname and a two dimensional array arguments, which is basically argv but without the first two entries (which are executable and commandname).
For the ./executable ls -l example it actually returns the following:
full path: /bin/ls
Argument 0: -l
which is correct, but execv does literally nothing.
How do I fix this?
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
int main(int argc, char** argv){
char path[6] = "/bin/";
char* fullpath = (char*)malloc(strlen(path)+strlen(argv[1]));
strcat(fullpath, path);
strcat(fullpath, argv[1]);
printf("full path: %s\n", fullpath);
char *arguments[argc-1];
int i;
for(i=0; i<argc-2; i++){
arguments[i] = (char*)malloc(strlen(argv[i+2]));
strcpy(arguments[i], argv[i+2]);
printf("Argument %d: %s\n", i, argv[i+2]);
}
execv("/bin/ls", arguments);
return 0;
}
Your program seems functional when we modify the following line :
char *arguments[argc-1];
Your char **arguments have to be like this line :
char *arguments[] = { "/bin/ls", "-l", NULL };
In other words, don't forget to indicate the command first; and be sure to put NULL at the end of your char **.
Good luck ! ;)
Related
Good afternoon, Old man trying to learn new tricks here,
I have been given an assignment that I am trying to work my way through but I am stuck as I don't fully understand the argv[]
I have 4 files I want to read from and eventually use malloc and realloc but thats further down.
My initial plan was to try read one file and get it onto the command line. I had it opening but made that many changes that now I'm lost.
Think my problem lies with argv[4] as i dont understand it, when I put 4 it goes into theloop and errors but with 1 it just bombs out.
If someone can point me in the direction I am going wrong here it would be great
Thanks
struct Person { char lname[20]; char fname[20]; int id; };
int i, N;
struct Person *student;
int main(int argc, char *argv[])
{
FILE *outputfile;
printf("Please enter the name of the file to open: ");
scanf("%s", argv[4]);
outputfile = fopen(argv[4], "r") ;
if (outputfile==NULL){
perror(argv[1]);
fprintf(stderr,"Error while opeining file\n");
exit(-1);
}
You don't have to use argv[]. Argv is an array of strings that store the arguments passed in when running the executable. If you run the executable like this: ./a.out, then argv only contains one element, which is the path of the executable itself. If you run the program like this, and you try to access argv[4], it does not give you an error, but if you debug it using GDB, it will output the following: warning: Invalid parameter passed to C runtime function.
You could pass in a file on the command line like this: ./a.out yourfile.txt. In this case, argv[0] will be the path of the executable a.out, and argv[1] will be the string "yourfile.txt".
It might be easier to completely drop the use of argv and store the user input for the filename in a string. You can then pass that string as an argument to fopen. This would look something like this:
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[]) {
char fileName[30];
char ch;
printf("Please enter a file name\n");
scanf("%s", fileName);
FILE *outputFile = fopen(fileName, "r");
if(outputFile == NULL) {
printf("Could not open %s\n", fileName);
exit(-1);
}
}
Use constants (NAME_LEN) instead of hard-coding magic values.
Prefer multiple lines for your struct. It's easier to read and version control systems prefer lines for diffs.
Avoid global variables.
Do a boundary check using argc (count of elements in argv) before you read argv. argv[0] is the name of your program, argv[1] is the first argument.
Treat argv as read-only, i.e. don't do scanf("%s", argv[4]).
Prefer to initialize variables instead of declaring and assigning a value separately. It's easy to forget setting a variable before use which leads ot undefined behavior. Initialization might be faster, too.
Your file handle is called outputfile but with fopen() you use the mode of r for reading. Either mode should be w or you want to change the variable name to inputfile.
#include <stdio.h>
#include <string.h>
#define NAME_LEN 20
struct Person {
char lname[NAME_LEN];
char fname[NAME_LEN];
int id;
};
int main(int argc, char *argv[]) {
char filename[FILENAME_MAX];
if(argc > 4) {
strcpy(filename, argv[4]);
} else {
printf("filename? ");
fgets(filename, FILENAME_MAX, stdin);
filename[strcspn(filename, "\n")] = '\0';
}
FILE *outputfile = fopen(filename, "w");
if(!outputfile) {
// ...
}
fclose(outputfile);
}
and you would run your program with either:
$ ./a.out dummy dummy dummy output.txt
or
$ ./a.out
filename? output.txt
It sounds as if you are expected to provide 4 file names as command line parameters. In which case you should be doing this:
#include <stdio.h>
int main (int argc, char *argv[])
{
const int files = 4;
if(argc != files+1)
{
printf("Usage: myprog file1 file2 file3 file4");
return 0;
}
FILE* fp [files];
for(int i=0; i<files; i++)
{
fp[i] = fopen(argv[i+1], "r");
...
}
...
}
I am a little bit stuck. I have a C program which includes the environmental variable $USER. The goal is to use the environmental variable to execute a different file using command injection.
I already tried different ways of declaring USER.
e.g.: Declaring USER as
env USER=">/dev/null ; cat /home/Steve/Public/file2.txt".
Unfortunately, that did not work.
C program:
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
// Execute any shell command
void execute(char *cmd)
{
execl("/bin/bash", "bash", "-p", "-c", cmd, NULL);
}
void sanitise(char *password)
{
int i,j;
char tmp[15];
// remove non-alphabet characters from passwords
j=0;
for(i=0; i < 15; ++i)
if(password[i] >= 'a' && password[i] <= 'z') {
tmp[j]=password[i];
++j;
} else break;
tmp[j] = '\0';
strcpy(password, tmp);
}
int authenticate(char *str)
{
char stored_password[15]="";
char pass[15];
char path[128] = "/home/Steve/private/password";
int i;
FILE *fpp;
int auth=0;
fpp = fopen(path, "r");
if(fpp == NULL)
{
printf("Password file %s not found\n", path);
exit(1);
}
fgets(stored_password, 15, fpp);
sanitise(stored_password);
strcpy(pass, str);
sanitise(pass);
if(strcmp(stored_password,pass) == 0)
auth=1;
else {
auth=0;
}
fclose(fpp);
return auth;
}
int main(int argc, char* argv[], char *envp[])
{
char error[256] = "/home/Steve/Public/errormessage.sh $USER ";
char pass[15];
if(argc < 2)
{
printf("Usage: %s password\n", argv[0]);
return 0;
}
// copy only 15 characters from user input, to prevent stack smashing
strncpy(pass, argv[1], 15);
pass[14]='\0';
if(!authenticate(pass)) {
// Log all failed attempts
printf("Wrong password. This incident has been logged.\n");
strcat(error, pass);
execute(error); // Execute script to log events
return 0;
}
// Display 'secret-file2'
execute("cat /home/Steve/Public/file2.txt");
return 0;
}
The goal would be to make the program output the file from the variable USER and not the initial file path declared in the error char. Ideally, without changing the C program at all.
Can anyone please tell me what I am missing here?
If you wish to use your C program with a fresh seted ${USER} variable "env -i" is what you should use.
Example: env -i USER='injected code' name_of_c_program
If that's what the program is doing, it will execute the following command:
/home/Steve/Public/errormessage.sh $USER <provided-password>
Since you control the provided password (that is, you can pass what you want in argv[1] as long as it's max 14 characters), you can just execute another bash shell as well, and then use it to run any command you want. There really is no need to tamper with $USER.
$ ./program '; bash'
Wrong password. This incident has been logged.
$ <--- another bash shell has now started
$ cat /home/Steve/Public/file2.txt
...contents of file2.txt...
If you want to run it with a single command, this should work:
echo 'cat /home/Steve/Public/file2.txt' | ./program '; bash'
Use 'getenv' library function to get the value of environment variable(USER). And then run the command using 'system(path)'.
#include <stdlib.h>
...
char path[256] = "/home/Steve/Public/file1.sh ";
strcat( path, getenv("USER") );
//char path[256];
//sprintf(file,"%s%s","/home/Steve/Public/file1.sh ",getenv("USER"));
...
I am attemping to parse a command-line argument from one function process_command_line which I will then use in a main function. The second command-line argument enables the name of a file input to be submitted, which will later be used to read/write files. For the time being, I will just print out the argument within the main function to ensure that it is functioning correctly. I have had no issues parsing integers using this separate function method, but cannot get a correct output when trying to parse an input file name.
EDIT: I think my issue lies in the second function where I have a line saying argv[1] = input_file;
My attempt:
#include <stdio.h>
#include <stdlib.h>
int process_command_line(int argc, char *argv[]); //declaration for command-line function
char str2[100];
int main(int argc, char *argv[]) {
printf("%s", str2);
getchar();
return 0;
}
//This function reads in the arguments
int process_command_line(int argc, char *argv[]) {
if (argc < 2) {
fprintf(stderr, "Error: Missing program arguments.\n");
exit(1);
}
//first argument is always the executable name (argv[0])
//second argument reads in the input file name
strcpy(str2, argv[1]); //I think this is where the problem lies
}
With the help of users on this question, here is my updated and functioning solution. The problem was that I wasn't calling the second function within my main function.
My solution:
#include <stdio.h>
#include <stdlib.h>
int process_command_line(int argc, char *argv[]); //declaration for command-line function
char str2[100];
int main(int argc, char *argv[]) {
process_command_line(argc, argv); //This was missing in my first attempt
printf("%s", str2);
getchar();
return 0;
}
//This function reads in the arguments
int process_command_line(int argc, char *argv[]) {
if (argc < 2) {
fprintf(stderr, "Error: Missing program arguments.\n");
exit(1);
}
//first argument is always the executable name (argv[0])
//second argument reads in the input file name
strcpy(str2, argv[1]);
}
I'm having some problems with execve. I'm trying to make a shell that can function just like the bash shell, but I have problems with the forked child executing a command. Here is what I have for the child. cmd is a char * with the command that the user typed in. However, when I run this program, I get this error from perror:
execve error: No such file or directory.
I have tried the program with a simple ls, and it should make path="/bin/ls" and execute it (I have confirmed this is where my ls command is) but it still complains. What am I doing wrong? Thanks!
if(pid == 0)
{
// Parse the command
char * word = strtok(cmd, " ");
char path[128] = "/bin/";
strcat(path, word);
// Execute the process
char * newenvp[] = { NULL };
char * newargv[] = { path, NULL };
ret = execve(path, newargv, newenvp);
if(ret == -1)
perror("execve error");
return EXIT_SUCCESS;
}
The first thing I would do would be to insert:
printf ("[%s]\n", path);
before the call to execve. That should confirm that the executable is what you think it is.
That code of yours looks okay as long as the input you're feeding into it is correct and the executable actually is available. For example, the following complete program works fine on my Debian box:
#include <stdio.h>
#include <string.h>
#include <unistd.h>
int main (int argc, char *argv[]) {
if (argc > 1) {
char * word = strtok (argv[1], " ");
char path[128] = "/bin/";
strcat (path, word);
char * newenvp[] = { NULL };
char * newargv[] = { path, NULL };
printf ("[%s]\n", path);
int ret = execve (path, newargv, newenvp);
if (ret == -1) {
perror("execve error");
}
}
return 0;
}
outputting, when I run ./testprog ls, something along the lines of:
[/bin/ls]
kidsshares.ods paxwords birthdays homeloantracking.gnumeric
shares2011.ods backup0.sh development lexar
accounts.ods backup1.sh photos testprog.c
testprog
If you don't want to manually travel through the fileystem to find the correct binary, there is execlp (with an additional p).
From the manpage:
The execlp(), execvp(), and execvpe() functions duplicate the actions of the shell in searching for an executable file if the specified
filename does not contain a slash (/) character. The file is sought in the colon-separated list of directory pathnames specified in the PATH environment variable. If this variable isn't defined, the path list defaults to the current directory followed by the list of directories returned by confstr(_CS_PATH). (This confstr(3) call typically returns the value "/bin:/usr/bin".) [...]
I ran a simulation for some data y1, y2,..yn and generate vectors w, mu. At each simulation these results are stored into a file, let us say (normally w and mu are very long vectors 10,000 entries)
/home/carlos/Documents/Results/w.txt
/home/carlos/Documents/Results/mu.txt
But if I want to run my algorithm with other data set, and do not want to lose the previous results, I have to go directly into my C code and change (or move the w.txt, mu.txt to other file)
/home/carlos/Documents/Results/OtherData/w.txt
/home/carlos/Documents/Results/OtherData/mu.txt
I do not want to go every time into my C code to change the address(or move again and again w.txt, mu.txt), I would like to just create a new folder with a name: OtherData and store the data there just giving the address
/home/carlos/Documents/Results/OtherData/
as an input for the code
I did a very simplified example but it does not work, could somebody give me a hand?
#include <stdio.h>
#include <string.h>
void main(char *dir){
char dir_happy[100] = *dir, dir_sad[100]=*dir;
FILE *ffile_happy, *ffile_sad;
strcat(dir_happy, "/happy.txt");
strcat(dir_sad, "/sad.txt");
ffile_happy = fopen("dir_happy.txt", "w");
ffile_sad = fopen("dir_sad.txt", "w");
fprintf(ffile_happy, "Hello!, happy world\n");
fprintf(ffile_sad, "Hello!, sad world\n");
fclose(ffile_happy);
fclose(ffile_sad);
}
You have the arguments to main() wrong. The proper prototype is:
int main(int argc, char *argv[]);
Where argc is the number of arguments given, and argv is a vector holding each argument. The first argument (in argv[0]) is generally the program's name.
Untested. Have fun.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_FILENAME_LENGTH 100
#define DEFAULT_DIR "."
#define HAPPY_NAME "/happy.txt"
#define SAD_NAME "/sad.txt"
int main(int argc, char **argv) {
char name1[MAX_FILENAME_LENGTH+1], name2[MAX_FILENAME_LENGTH+1];
size_t dirlen;
char *dir = DEFAULT_DIR;
FILE *ffile_happy, *ffile_sad;
if (argc == 2) {
dir = argv[1];
}
dirlen = strlen(dir);
if (len + strlen(HAPPY_NAME) > MAX_FILENAME_LENGTH) {
fprintf(stderr, "Directory name too long. Program aborted.\n");
exit(EXIT_FAILURE);
}
if (len + strlen(SAD_NAME) > MAX_FILENAME_LENGTH) {
fprintf(stderr, "Directory name too long. Program aborted.\n");
exit(EXIT_FAILURE);
}
strcpy(name1, dir); strcat(name1, HAPPY_NAME);
strcpy(name2, dir); strcat(name2, SAD_NAME);
ffile_happy = fopen(name1, "w");
if (ffile_happy == NULL) {
fprintf(stderr, "Unable to open file \"%s\" for writing. Program aborted.\n", name1);
exit(EXIT_FAILURE);
}
ffile_sad = fopen(name2, "w");
if (ffile_sad == NULL) {
fprintf(stderr, "Unable to open file \"%s\" for writing. Program aborted.\n", name2);
fclose(ffile_happy);
exit(EXIT_FAILURE);
}
/* use files */
fclose(ffile_happy);
fclose(ffile_sad);
return 0;
}
void main(char *dir) is the problem.
Main takes 2 args int/void main(int argc, char *argv[])
argc is the number of arguments to the executable.
argv[0] is the filename of the executable.
argv[1..n] are the arguments passed (normally space separated, with quotes allowed)
So /a.out Hello "Look at me" would parse as
argv[0] => './a.out'
argv[1] => 'Hello'
argv[2] => 'Look at me'