// ------------------------------------------------------------
// File: supersafeprogram.c
// Created by: Secure D Center Team
// Date: 11 Feb 2020
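// Description: Target file for fuzzing example. Intentionally vulnerable: mode Z copies each input line into a 20-byte stack buffer with strcpy().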
// Compiling: afl-gcc supersafeprogram.c -o supersafeprogram
// Usage: ./supersafeprogram input_file
// ------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
// Reverse a string in place, leaving its final character where it is.
//
// Only the characters before the last one are swapped end-for-end;
// presumably this keeps a trailing '\n' at the end of a line read by
// getline(). A NULL pointer or an empty string is returned unchanged.
//
// str: NUL-terminated, writable string (may be NULL).
// Returns: the same pointer that was passed in.
//
// NOTE(review): the indices are plain int, so the function assumes the
// string length fits in an int.
char *strrev(char *str)
{
    if (str == NULL || *str == '\0')
        return str;

    // The upper index starts one short of the last character, which is
    // therefore never moved. For a one-character string this is -1 and
    // the loop body does not run.
    int hi = strlen(str) - 2;

    for (int lo = 0; lo < hi; lo++, hi--) {
        char tmp = str[lo];
        str[lo] = str[hi];
        str[hi] = tmp;
    }
    return str;
}
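// Entry point of the fuzzing target.
//
// Expected input file layout:
//   line 1: exactly "SAFEFILEHEADER\n" (15 bytes)
//   line 2: a 2-byte line whose first character is the mode, 'A' or 'Z'
//   line 3 onwards: payload lines
// Mode A prints every payload line as read. Mode Z copies every payload
// line into a 20-byte stack buffer and prints it through strrev().
//
// Returns 1 when the argument count is wrong, exits with status 1 when the
// file cannot be opened or fails the header/mode checks, and returns 0
// otherwise (an empty file produces no output and returns 0).
//
// SECURITY NOTE: the file content is untrusted, and the mode Z copy is
// unbounded. That overflow is the bug this example exists to demonstrate,
// so it is deliberately left in place and must not be reused elsewhere.
int main(int argc, char* argv[]) {
    if (argc != 2) {
        printf("Usage: %s input_file\n", argv[0]);
        return 1;
    }

    int line_num = 1;
    char *line = NULL;      // buffer owned by getline(); released before returning
    size_t len = 0;
    ssize_t read_count;
    char buffer[20];        // fixed-size destination used only in mode Z
    int mode = 0;           // 0 = not chosen yet, 1 = mode A, 2 = mode Z
    FILE *file_pointer;

    // Can't open file
    if ((file_pointer = fopen(argv[1], "r")) == NULL) {
        printf("Can't open %s\n", argv[1]);
        exit(1);
    }

    while ((read_count = getline(&line, &len, file_pointer)) != -1) {
        // Line 1 must be "SAFEFILEHEADER"
        if (line_num == 1) {
            if (read_count != 15 || strncmp("SAFEFILEHEADER\n", line, 15) != 0) {
                printf("Invalid file!\n");
                exit(1);
            }
            line_num++;
            continue;
        }
        // Line 2 must be "A" or "Z"
        else if (line_num == 2) {
            // Only the length and the first character are checked.
            if (read_count != 2) {
                printf("Invalid mode!\n");
                exit(1);
            }
            switch (line[0]) {
            // Mode A prints out each line
            case 'A':
                mode = 1;
                printf("==Mode A==\n");
                break;
            // Mode Z copies line to buffer variable and prints the variable
            case 'Z':
                mode = 2;
                printf("==Mode Z==\n");
                break;
            // Others are invalid
            default:
                printf("Invalid mode!\n");
                exit(1);
            }
        }
        // Payload lines
        else {
            if (mode == 1) {
                printf("%s", line);
            }
            else if (mode == 2) {
                // INTENTIONAL BUG (the fuzzing target): `line` can be of any
                // length, but `buffer` holds 20 bytes including the NUL. A
                // payload line whose text is 20 bytes or longer (newline
                // included) makes strcpy() write past the end of `buffer`.
                // An overflow of only a few bytes may not crash a plain
                // build; a sanitizer-instrumented build reports it reliably.
                // In code that is not a fuzzing exercise, reject lines with
                // read_count >= sizeof buffer, or use a bounded copy such as
                // snprintf(buffer, sizeof buffer, "%s", line).
                strcpy(buffer, line);
                printf("%s", strrev(buffer));
            }
        }
        line_num++;
    }

    // Release the getline() buffer and the stream on the normal exit path so
    // leak checkers do not add reports unrelated to the overflow above.
    free(line);
    fclose(file_pointer);
    return 0;
}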