Synfire's Guide to C++

8. Character Arrays

In this section we will include a different header called string.h. This is the library for strings and sub routines. Another name for Character Arrays are strings. Strings is an array that is holding a collection of characters. The first thing I will cover is how to declare strings. There are two ways to declare a string:

1.
    char * string[] = "Your string here";
    // This method assigns the string the value
    // upon creation.
2.
    char * string[25];
    // This method creates the string and
    // sets a maximum length.

Now that isn't that hard, but assigning a string value to it, well lets just continue. :-/ To accept input into a string we must once again bring out the iostream.h header. This header, along with cout and cin, comes with another useful command, get. Get will insert everything the user types in, into the array. Then if the array is too small, it cuts the string down to size. Here is an example of how get works.

getline.cpp
#include <iostream.h>
#include <string.h>

char * s[32];
// The string is defined

int main()
{
    cout << "username: ";
    // The user is prompted to input a string

    cin.get(s, 31);
    // this is the getline statement that allows
    // you to read in the user input

    cin.ignore();
    // This is used to catch the carrage return
    // after the user hits enter.

    cout << "Welcome " << s;
    // prints a welcome message to the user

    return 0;
}
Now wasn't that easy. The rest of this chapter will be in total example, just read the comments as you go over it and you will see what I'm doing. First I use the 'cin.get()' function to assign the user input into the 's' character array. Then I use 'cin.ignore()' to make the program stop reading after you type enter.

The next example show some of the commands within string.h.

stringhexamle.h
#include <iostream.h>
#include <string.h>

char * FirstName[32]; // creates a string for the first name
char * LastName[32]; // creates a string for the last name
char * CopyOfString[64]; // creates a string to copy to
char * FullName=""; // creates a string for the full name
int StringCompared; // creates an int variable to hold test
            // results.

int main()
{
    cout << "Enter your first name: ";
    cin >> FirstName;
            // Gets the first name from the user

    cout << "Enter your last name: ";
    cin >> LastName;
            // Gets the last name from the user

    strcat(FullName, FirstName);
            // Writes the FirstName into FullName

    strcat(FullName, LastName);
            // Writes the LastName into FullName

    cout << "Your fullname: " << FullName << endl;
            // Outputs the First and Last Names
            // to the screen with a space in between

    strncpy(CopyOfString, FullName, 63);
            // Makes a copy of FullName, note the 63
            // this allows space for the \0 character
            // that lets the computer know where the
            // end is. Don't worry too much about this
            // just always put the number 1 smaller than
            // the CopyOfString's size

    StringCompared = strcmp(FirstName, LastName);
            // Compares FirstName to LastName
            // and returns an int letting the
            // the user know if the names are
            // bigger smaller or equal to each
            // other

    // This if statement is pretty self explanitory
    // I'll let you figure it out.

    if (StringCompared == 0)
    {
     cout << "Your first and last name are the same." << endl;
    }
    else if (StringCompared > 0)
    {
     cout << "Your first name is bigger." << endl;
    }
    else
    {
     cout << "Your last name is bigger." << endl;
    }
    return 0;
}
Okay that is all I'm gonna cover on strings. But I am gonna take this moment to explain a little hackers trick called a BufferOverflow and how you can keep one from showing up in one of your programs. Use this information how you want, I AM NOT RESPONSIBLE!

Buffer Overflow exploits
When writing programs, your programs are executed information is moved around the STACK.

A stack is a special area of memory allocated to hold data required by each of the functions in your program.

As your program moves down the stack executing each of the CO-OPS, binary instructions held in a part of memory called the Code Space, and assigning values to memory addresses and REGISTERS, special areas of memory built into the CPU that keeps track of which line of code is executed next, your program keeps restrictions on how much information is pushed onto the stack.

But, when a sloppy programmer writes a program that is running as root, an attacker can fill the program with trash data, such as a row of 'X's, that will cause the program to crash.

Once the program crashes all commands are dumped into the shell.

This is were skilled programmers/hackers come in.

We have learned that if you write enough x's then you can overwrite the return address, causing the program to execute a command with ownership of that program. If the program is running as root or super user, the attacker is executing commands at that UID.

Now that you know how buffer overflows work, you may be asking "What kind of errors cause them?".

Well, the main error that causes them is misuse/use of a string.h function called strcpy.

Strcpy, unlike strncpy that I showed you earlier, does not have a maximum length argument and that can be VERY dangerous.

Looking at the syntax of strncpy you see that you have 3 arguments, the array to copy to, the array to copy from, and a maximum length the array is allowed to copy.

Strcpy on the other hand has 2 arguments, the array to copy to and the array to copy from.

This is what happens, if the 'from' array is larger than the 'to' array, and the programmer used strcpy instead of setting a max limit with strncpy, then the attacker can fill the 'from' array with the same a lot of x's and then insert some assembler instructions that execute a command.

The most popular command is one that sends the attacker a shell. Unfortunately, if this program is running as root/super user then the attacker is given a root/super user shell.

This problem is why I didn't show the usage of strcpy in this section, and honestly unless you plan to r00t the users box, there is no legit reason to use strcpy instead of strncpy.

If you want to learn more about this, I suggest learning a little assembler, then get a tutorial called 'Smashing the Stack for Fun and Profit' it is a good tutorial and it explains this in full detail.

Summary
In this section you learned about string manipulations and how to define and use character arrays.

< < < Lesson 7: Arrays | Lesson 9: File I/O > > >



Join a friendly community. Chat and play games. Shadow-Corp.