forked from RPISEC/MBE
lab4C.c
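/*
* Format String Lab - C Problem
* gcc -z execstack -z norelro -fno-stack-protector -o lab4C lab4C.c
*
* The build flags above switch off standard hardening: -z execstack makes the
* stack executable, -z norelro disables RELRO, and -fno-stack-protector removes
* stack canaries.
*/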
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define PASS_LEN 30
/*
 * Login front end for the lab: reads a PASS_LEN-byte secret from a fixed file,
 * prompts for a username and password on stdin, and runs /bin/sh through
 * system() when the first PASS_LEN bytes of the two passwords compare equal.
 * On a mismatch it echoes the username and exits with EXIT_FAILURE.
 *
 * argc and argv are not used.
 *
 * Returns EXIT_SUCCESS after the shell returns; every failure path calls
 * exit(EXIT_FAILURE) directly.
 *
 * Review summary (defects are kept as-is; the code is unchanged here):
 *  - the username is passed to printf() as the format string (CWE-134);
 *  - real_pass may be left without a terminating NUL before strcspn() runs;
 *  - the return values of fgets() are not checked;
 *  - the secret stays in real_pass for the rest of the process lifetime.
 */
int main(int argc, char *argv[])
{
/* All three buffers are zero-initialised automatic arrays. */
char username[100] = {0};
char real_pass[PASS_LEN] = {0};
char in_pass[100] = {0};
FILE *pass_file = NULL;
/* fread() returns size_t; it is stored in an int here. */
int rsize = 0;
/* open the password file (path is hard-coded) */
pass_file = fopen("/home/lab4B/.pass", "r");
if (pass_file == NULL) {
fprintf(stderr, "ERROR: failed to open password file\n");
exit(EXIT_FAILURE);
}
/* read the contents of the password file */
/*
 * fread() may fill all PASS_LEN bytes of real_pass, which leaves no room for
 * a terminating NUL. The strcspn() on the next line then depends on the data
 * itself containing '\n' or '\0'; otherwise it scans past the end of the
 * array. The strip also runs before the short-read check below.
 */
rsize = fread(real_pass, 1, PASS_LEN, pass_file);
real_pass[strcspn(real_pass, "\n")] = '\0'; // strip \n
/* Anything other than a full PASS_LEN-byte read is treated as an error. */
if (rsize != PASS_LEN) {
fprintf(stderr, "ERROR: failed to read password file\n");
exit(EXIT_FAILURE);
}
/* close the password file */
/*
 * The file handle is released here, but the secret itself is never cleared
 * from real_pass, so it remains in memory while user input is processed.
 */
fclose(pass_file);
puts("===== [ Secure Access System v1.0 ] =====");
puts("-----------------------------------------");
puts("- You must login to access this system. -");
puts("-----------------------------------------");
/* read username securely */
/*
 * fgets() is bounded to the size of username, so the read itself cannot
 * overflow the array. Its return value is not checked. The content is
 * untrusted from here on.
 */
printf("--[ Username: ");
fgets(username, 100, stdin);
username[strcspn(username, "\n")] = '\0'; // strip \n
/* read input password securely */
/* Same bounded read as above; the return value is again unchecked. */
printf("--[ Password: ");
fgets(in_pass, sizeof(in_pass), stdin);
in_pass[strcspn(in_pass, "\n")] = '\0'; // strip \n
puts("-----------------------------------------");
/* log the user in if the password is correct */
/*
 * strncmp() compares at most PASS_LEN characters and stops at the first NUL,
 * so the comparison stays inside real_pass even if it is unterminated.
 * NOTE(review): strncmp() is not a constant-time comparison; a secret check
 * would normally use a fixed-time compare.
 */
if(!strncmp(real_pass, in_pass, PASS_LEN)){
/* Correct use: the username is an argument to a literal "%s" format. */
printf("Greetings, %s!\n", username);
/* Success path hands the caller an interactive shell through system(). */
system("/bin/sh");
} else {
/*
 * DEFECT (CWE-134, uncontrolled format string): username is user input and
 * is used as the format argument itself, so any conversion specifiers in it
 * are interpreted by printf() and can disclose or corrupt process memory.
 * The safe form is printf("%s", username) or fputs(username, stdout);
 * building with -Wformat -Wformat-security reports this call.
 */
printf(username);
printf(" does not have access!\n");
exit(EXIT_FAILURE);
}
return EXIT_SUCCESS;
}