Added command injection example and secured examples

author: marcinzelent <zelent.marcin@gmail.com> 2018-06-16 22:50:18 +0200
committer: marcinzelent <zelent.marcin@gmail.com> 2018-06-16 22:50:18 +0200
commit: b0cf064f819357feedc77d6d5eb0de49e122554a (patch)
tree: 2ba0defb81576326dbc25736174100bfd43f677c /examples-secure/command-injection
parent: 7d93b9b60f0923b0f895d63b2d456b279a6ab774 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/examples-secure/command-injection/command-injection.c b/examples-secure/command-injection/command-injection.c
new file mode 100644
index 0000000..01eb15d
--- /dev/null
+++ b/examples-secure/command-injection/command-injection.c
@@ -0,0 +1,17 @@
+#include <stdlib.h>
+#include <string.h>
+
+int main(int argc, char **argv)
+{
+	int argl = strlen(argv[1]);
+	char cmd[argl + 6];
+
+	for (int i = 0; i < argl; i++)
+		if (argv[1][i] == ';' || argv[1][i] == '|' || argv[1][i] == '&')
+			argv[1][i] = ' ';
+	strcpy(cmd, "echo ");
+	strcat(cmd, argv[1]);
+	system(cmd);
+
+	return 0;
+}
author	marcinzelent <zelent.marcin@gmail.com>	2018-06-16 22:50:18 +0200
committer	marcinzelent <zelent.marcin@gmail.com>	2018-06-16 22:50:18 +0200
commit	b0cf064f819357feedc77d6d5eb0de49e122554a (patch)
tree	2ba0defb81576326dbc25736174100bfd43f677c /examples-secure/command-injection
parent	7d93b9b60f0923b0f895d63b2d456b279a6ab774 (diff)