[Klone-users] Downloading files with Klone
thomas fossati
tho at koanlogic.com
Thu Nov 29 16:01:44 EST 2007
Hi Alvaro,
On Nov 29, 2007, at 7:50 PM, thomas fossati wrote:
> On Nov 29, 2007, at 7:27 PM, Alvaro Pereira wrote:
>> <%!
>> #include <string.h>
>> #include <stdio.h>
>> %>
>> <html>
>> <head>
>> </head>
>> <body>
>> <%
>> int len;
>> char *name, *logFileName;
>> FILE *fp;
>> char buf[1024];
>>
>> logFileName = session_get(session, "file");
>>
>>
>> response_set_content_type(response, "text/plain");
>>
>> strcpy(name, "c:\\folder\\");
>
> it seems you are writing to non malloc'd mem address (name).

A nice side-effect of having LibU built into KLone is that you can
take advantage of its many ready-to-use functions and macros (see
http://wiki.koanlogic.com/doku.php?id=libu and
http://www.koanlogic.com/libu/api/html/modules.html for details) "for
free".

An example, which may fit the code you have given above quite well, is
BSD strlcpy/strlcat.
Those functions provide a clever API for doing effective and safe
string manipulation in C, to avoid buffer overflows and detect
truncation.

Perhaps you could do something like:

    #include <u/libu.h>

    {
        char name[U_FILENAME_MAX];

        /* ... */

        (void) strlcpy(name, "c:\\folder\\", sizeof name);

        /* here you can detect string truncation - you may want to do more
         * than just print a debug string here */
        dbg_if (strlcat(name, logFileName, sizeof name) >= sizeof name);

        /* ... */
    }

Also, in this case, you could have used u_path_snprintf() which does
the same in a slightly more compact way.
In general LibU can save you a lot of typing, so it is something which
is worth knowing - all the more that your application already links it
:)
ciao, t.
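
Added example, not part of the original post and not KLone or LibU code: a sketch of the truncation check suggested above, turned into a hard failure so that a path which does not fit is never opened. The helpers x_strlcpy, x_strlcat and build_log_path are hypothetical names; the two x_ functions are local stand-ins with BSD strlcpy/strlcat semantics so the block compiles without LibU, and the file names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins with BSD strlcpy/strlcat semantics (hypothetical names, used so
 * the example builds without LibU): each returns the length of the string
 * it tried to create, so a result >= sz means truncation. */
static size_t x_strlcpy(char *dst, const char *src, size_t sz)
{
    size_t n = strlen(src);
    if (sz > 0) {
        size_t c = (n < sz - 1) ? n : sz - 1;
        memcpy(dst, src, c);
        dst[c] = '\0';
    }
    return n;
}

static size_t x_strlcat(char *dst, const char *src, size_t sz)
{
    const char *end = memchr(dst, '\0', sz);
    size_t d = end ? (size_t)(end - dst) : sz;
    return (d == sz) ? sz + strlen(src) : d + x_strlcpy(dst + d, src, sz - d);
}

/* Returns 0 with the full path in `path`, or -1 if dir + file does not fit. */
int build_log_path(char *path, size_t sz, const char *dir, const char *file)
{
    if (x_strlcpy(path, dir, sz) >= sz || x_strlcat(path, file, sz) >= sz) {
        if (sz > 0)
            path[0] = '\0';          /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[32];   /* deliberately small; the post uses U_FILENAME_MAX */
    const char *names[] = { "app.log", "a-very-long-constructed-file-name.log" };

    for (size_t i = 0; i < 2; i++) {
        if (build_log_path(path, sizeof path, "c:\\folder\\", names[i]) == 0)
            printf("open: %s\n", path);
        else
            printf("rejected, path too long: %s\n", names[i]);
    }
    return 0;
}
```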