Sprintf can not work in ruby c source?


#1

here is my simple test:
where is my mistake??

#include "ruby.h"
#include "stdio.h"
static VALUE
tests(){
    char *s1="a ";
    char *s2=" b";
    char *buf;
    sprintf(buf,"%s after %s",s1,s2);
    printf(buf);
    return Qnil;
}
void Init_hello(){
    rb_define_global_function("tests",tests,0);
}


#2

On 5/1/07, Haoqi H. removed_email_address@domain.invalid wrote:

char *buf;
sprintf(buf,"%s after %s",s1,s2);
printf(buf);
return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}

Um, you realize you’re writing right into a random memory location? If
you’re not an experienced C programmer, you may want to reconsider your
project to write a Ruby extension.


#3

In article removed_email_address@domain.invalid Haoqi
Haoqi removed_email_address@domain.invalid wrote:

sprintf(buf,"%s after %s",s1,s2);
printf(buf);

return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}

I guess your problem is that buf is an uninitialized pointer pointing to an
arbitrary memory location. If you declare it like this
char buf[200]
your program should work.


#4

Maik Schmidt wrote:

In article removed_email_address@domain.invalid Haoqi
Haoqi removed_email_address@domain.invalid wrote:

sprintf(buf,"%s after %s",s1,s2);
printf(buf);

return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}

I guess your problem is that buf is an uninitialized pointer pointing to an
arbitrary memory location. If you declare it like this
char buf[200]
your program should work.

Oh, yes, thank you very much!~

C:\ext\1>ruby client.rb
a after b
:slight_smile:


#5

Francis C. wrote:

On 5/1/07, Haoqi H. removed_email_address@domain.invalid wrote:

char *buf;
sprintf(buf,"%s after %s",s1,s2);
printf(buf);
return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}

Um, you realize you’re writing right into a random memory location? If
you’re not an experienced C programmer, you may want to reconsider your
project to write a Ruby extension.

I am not an experienced C programmer, and am just learning to write a Ruby
extension with C.


#6

In message removed_email_address@domain.invalid, Haoqi
Haoqi writes:

here is my simple test:
where is my mistake??

#include "ruby.h"
#include "stdio.h"
static VALUE
tests(){
char *s1="a ";
char *s2=" b";
char *buf;
sprintf(buf,"%s after %s",s1,s2);

Right about here.

“buf” is a pointer.

Where, exactly, do you think it points? Have you told the compiler to point
it AT anything?

-s


#7

In message removed_email_address@domain.invalid, Haoqi
Haoqi writes:

I am not an experienced C programmer, and am just learning to write a Ruby
extension with C.

Don’t.

I consider myself a reasonably experienced C programmer, and I’d still
want to be sure I was brushed up and current before trying to write an
extension plugin. Even in a well-planned environment, writing plugins
is on the heavy-duty end.

Seriously, just don’t. Hire someone. Write it in pure Ruby.

Or… Budget 3-6 months to learn C well enough to do it competently.

-s


#8

On 5/1/07, Haoqi H. removed_email_address@domain.invalid wrote:

char *buf;
sprintf(buf,"%s after %s",s1,s2);
printf(buf);
return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}

You have to be very careful when working with C. The code above has a
couple of classic security vulnerabilities.

Since you are not dealing with user-controlled buffers, it’s not that big of
a deal, but here’s a couple tips:

  1. In general, don’t use sprintf. Use snprintf().

char * s1 = "a ";
char * s2 = "b ";
char buf[1024];
snprintf(buf,sizeof(buf),"%s after %s",s1,s2);

  2. Always use a string literal as the format string to functions which
    take them ( printf() , snprintf() , etc… ):

printf("%s",buf);

If you’re interested in what can be done if these errors are made, check out
these papers:

http://doc.bughunter.net/buffer-overflow/smash-stack.html
http://doc.bughunter.net/format-string/exploit-fs.html

-Adam
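
Both tips from the post above, combined with the real buffer suggested earlier in the thread, as an added example that is not part of the thread. The helper names join_after and render_as_data are hypothetical, and the code is plain C without ruby.h so that it compiles on its own.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the thread): writes "<s1> after <s2>" into
 * out[cap]. Returns 0 on success, -1 on bad arguments, an encoding error,
 * or when the result would not fit. */
static int join_after(char *out, size_t cap, const char *s1, const char *s2)
{
    int n;

    if (out == NULL || cap == 0 || s1 == NULL || s2 == NULL)
        return -1;

    /* The format is a literal; snprintf never writes more than cap bytes. */
    n = snprintf(out, cap, "%s after %s", s1, s2);

    /* n is the length the full result needs, so n >= cap means truncation. */
    if (n < 0 || (size_t)n >= cap) {
        out[0] = '\0';          /* do not hand back a partial string */
        return -1;
    }
    return 0;
}

/* Copies text through a literal "%s" so any '%' in it stays plain data.
 * Returns the length snprintf reports, or -1 on bad arguments. */
static int render_as_data(char *out, size_t cap, const char *text)
{
    if (out == NULL || cap == 0 || text == NULL)
        return -1;
    return snprintf(out, cap, "%s", text);
}

int main(void)
{
    char buf[32];               /* real storage, unlike the original char *buf */
    char tiny[8];               /* constructed case: too small for the result */
    const char *odd = "100%s sure";  /* constructed input containing '%' */

    if (join_after(buf, sizeof buf, "a", "b") == 0)
        printf("%s\n", buf);
    if (join_after(tiny, sizeof tiny, "a", "b") != 0)
        printf("%s\n", "tiny[8] rejected: result needs 10 bytes");
    if (render_as_data(buf, sizeof buf, odd) > 0)
        printf("%s\n", buf);
    return 0;
}
```

Checking the return value matters because snprintf truncates silently: without the `n >= cap` test the caller would carry on with a cut-off string.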


#9

On 5/1/07, Peter S. removed_email_address@domain.invalid wrote:

extension plugin. Even in a well-planned environment, writing plugins
is on the heavy-duty end.

Seriously, just don’t. Hire someone. Write it in pure Ruby.

Or… Budget 3-6 months to learn C well enough to do it competently.

-s

I’ll disagree somewhat here. There are things C does much faster than Ruby
does. Application performance is not everything, but there are cases where
moving code to a C extension makes the difference between being able to use
ruby and not being able to.

Writing an extension in C is, to me, much easier than learning C by itself,
because there are a bunch of things that you can let ruby handle that are
just a pain in C (mainly I/O things).


#10

You have to be very careful when working with c. The code above has a
couple of classic security vulnerabilities.

Have there been any studies on the security implications of using Ruby?


#11

On 5/1/07, Adam B. removed_email_address@domain.invalid wrote:

char *s2=" b";

You have to be very careful when working with c. The code above has a
snprintf(buf,sizeof(buf),"%s after %s",s1,s2);
http://doc.bughunter.net/format-string/exploit-fs.html

Thanks for the links, Adam.