From the course: Secure Coding in C


Filtering string input


- [Instructor] User input is the door through which enters potential problems, unless you're careful. This code provides simple string I/O, fetching a string, removing the newline, then outputting the string as if it were a command. No filtering is applied to the text, other than removing the newline. In this improvement, I demonstrate how to remove an unwanted character, the backslash in this case. The backslash is tested for at line 15 and then replaced with a forward slash at line 17. So say you wanted a command that didn't have any backslashes in it, because maybe they're a potential exploit or whatever you want to say, and here you see the backslashes were safely converted into forward slashes. In this code, the backslashes are removed completely. The original input string is kept in the input buffer and it's copied one character at a time to the output buffer. Yet in this for loop that processes the input, if a…
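The two filters described in the transcript, written out as an added example; this is not the course's exercise file, so its line numbers do not match the ones the instructor cites. The function names and the 64-byte buffer size are assumptions, and the copy loop adds an explicit bound on the output buffer.

```c
#include <stdio.h>
#include <string.h>

/* Strip the trailing newline that fgets() keeps; returns the new length. */
size_t strip_newline(char *s)
{
    size_t n = strcspn(s, "\n");
    s[n] = '\0';
    return n;
}

/* Replace every backslash with a forward slash in place; returns the count. */
size_t replace_backslashes(char *s)
{
    size_t count = 0;
    for (; *s != '\0'; s++) {
        if (*s == '\\') {
            *s = '/';
            count++;
        }
    }
    return count;
}

/* Copy in to out one character at a time, skipping backslashes.
   Writes at most outsize bytes including the terminator; returns strlen(out). */
size_t remove_backslashes(const char *in, char *out, size_t outsize)
{
    size_t o = 0;
    if (outsize == 0)
        return 0;
    for (size_t i = 0; in[i] != '\0' && o + 1 < outsize; i++) {
        if (in[i] != '\\')
            out[o++] = in[i];
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    char input[64], output[64];   /* buffer size is an assumption */

    printf("Command: ");
    if (fgets(input, sizeof input, stdin) == NULL)
        return 1;
    strip_newline(input);
    remove_backslashes(input, output, sizeof output);  /* filtered copy */
    replace_backslashes(input);                        /* in-place variant */
    printf("Replaced: %s\nRemoved:  %s\n", input, output);
    return 0;
}
```

The removal variant leaves the original input untouched in its own buffer, which is useful when the unfiltered text needs to be logged alongside the filtered command.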
