Source Code Auditing

1. //Original Source By: [ REDACTED STUDENT NAME ]
2. //Date: 23/3/2016
3.  
4. //A simple program for managing data in an array
5. //I DARE YOU TO TRY AND BREAK THIS
6. //I give permission for this to be modified, reused and distributed however you like
7. //- [ REDACTED ]
8.  
9. // This has been modified to be (more) insecure for the purpose of the COMP9447 exam
10. // by Jordan Brown
11.  
12. // This has been modified again by thoth + alyb
13.  
14. #include <stdio.h>
15. #include <stdlib.h>
16. #include <string.h>
17.  
18. #define min(X,Y) ((X) < (Y) ? (X) : (Y))
19. #define max(X,Y) ((X) > (Y) ? (X) : (Y))
20.  
21. #define STRING_LENGTH 256
22. #define NUMBER_LENGTH 8
23.  
24. #define STRCOMP_SUCCESS 0
25.  
26. #define COM_ERROR 0
27. #define COM_EXIT 1
28. #define COM_NEW 2
29. #define COM_GET 3
30. #define COM_DEL 4
31. #define COM_SET 5
32. #define COM_HELP 6
33. #define COM_SHOW 7
34. #define COM_SUBSTR 8
35.  
36. #define TRUE 1
37. #define FALSE 0
38. #define NUM_ONLY 2
39.  
40. #define INVALID_VALUE -1
41.  
42. #define MAX_ARRAY_SIZE 1024
43.  
44.  
45. void newCommand (void);
46. void clearString (char* string);
47. int validCharacter (char character);
48. int determineCommand (char* command);
49. void printHelp (void);
50. int validCommandString (char* inputString);
51. void commandNew (int* arraySize, int* createNewPrevValue, int* createNew, int newSize, int* dataArray);
52. void commandDel (int* dataArray);
53. void commandSet (int newData, int position, int* dataArray, int arraySize);
54. void commandGet (int position, int* dataArray, int arraySize);
55. void commandShow (int* dataArray, int arraySize);
56. void commandSubstring (int* dataArray, unsigned int arraySize, unsigned int start, unsigned int end);
57.  
58. int main (int argr, char ** argv) {
59.  
60. //only run once (program start up)
61. char inputString[STRING_LENGTH] = "";
62. char commandString[STRING_LENGTH] = "";
63. char number1String[STRING_LENGTH] = "";
64. char number2String[STRING_LENGTH] = "";
65. int stopProgram = FALSE;
66. int commandNumber = COM_ERROR;
67. int spacePos1 = INVALID_VALUE;
68. int spacePos2 = INVALID_VALUE;
69. int commandArg1 = INVALID_VALUE;
70. int commandArg2 = INVALID_VALUE;
71. int validNum1 = FALSE;
72. int validNum2 = FALSE;
73. int validInput = FALSE;
74.  
75. //for the new array function
76. int createNew = FALSE;
77. int createNewPrevValue = 0;
78.  
79. int dataArray[MAX_ARRAY_SIZE];
80. int arraySize = 0;
81.  
82. printf("Welcome the the array program\n");
83. printf("Please type a command or type 'help'\n");
84.  
85. //run while the user does not exit
86. while (stopProgram == FALSE) {
87. clearString(inputString);
88. clearString(commandString);
89. clearString(number1String);
90. clearString(number2String);
91.  
92. validInput = FALSE;
93. spacePos1 = INVALID_VALUE;
94. spacePos2 = INVALID_VALUE;
95. validNum1 = FALSE;
96. validNum2 = FALSE;
97.  
98. //get input
99. newCommand();
100. fgets(inputString,STRING_LENGTH - 1,stdin);
101. inputString[strlen(inputString) - 1] = '\0';
102.  
103. //check for valid input
104. //check if input uses correct characters
105. validInput = validCommandString(inputString);
106. if (validInput == FALSE) {
107. strcpy(commandString, "INVALID CHARACTERS");
108. continue;
109. }
110.  
111. //find position of spaces
112. int c;
113. for (c = 0; c < strlen(inputString); c++) {
114. if (inputString[c] == ' ') {
115. if (spacePos1 == INVALID_VALUE) {
116. spacePos1 = c;
117. } else if (spacePos2 == INVALID_VALUE) {
118. spacePos2 = c;
119. } else { //too many spaces, throw error
120. strcpy(commandString, "TOO MANY ARGUMENTS");
121. validInput = FALSE;
122. break;
123. }
124. }
125. }
126.  
127. //ensure position of spaces is correct
128. if (spacePos1 == 0) {//cannot have space in first position
129. validInput = FALSE;
130. strcpy(commandString, "FORMATING ERROR");
131. continue;
132. } else if (spacePos2 == spacePos1 + 1) {//two spaces in a row
133. validInput = FALSE;
134. strcpy(commandString, "FORMATING ERROR");
135. continue;
136. } else if (spacePos1 == strlen(inputString) - 1 || spacePos2 == strlen(inputString) - 1) {//spaces at end of command or no command
137. validInput = FALSE;
138. strcpy(commandString, "FORMATTING ERROR");
139. continue;
140. }
141.  
142. if (spacePos1 == INVALID_VALUE) {//command without arguments
143. strcpy(commandString, inputString); //copy into result
144. } else {
145. int n;
146. for (n = 0; n < spacePos1; n++) { //copy command string
147. commandString[n] = inputString[n];
148. }
149. if (spacePos2 != INVALID_VALUE){ //two arguments
150. //copy numbers into appropriate number strings
151. //int n = spacePos1 + 1;
152. for (n = spacePos1 + 1; n < spacePos2; n++) {//copy arg1
153. number1String[n - spacePos1 - 1] = inputString[n];
154. }
155. for (n = spacePos2 + 1; n < strlen(inputString); n++) {//copy arg2
156. number2String[n - spacePos2 - 1] = inputString[n];
157. }
158. } else if (spacePos1 != INVALID_VALUE) {//only 1 arg
159. for (n = spacePos1 + 1; n < strlen(inputString); n++) {//copy arg1
160. number1String[n - spacePos1 - 1] = inputString[n];
161. //printf("added num\n");
162. }
163. }
164.  
165. }
166. //if the arg number is valid, convert it to number
167. char* resultText;
168. commandArg1 = (int) strtol(number1String, &resultText, 10);
169. commandArg2 = (int) strtol(number2String, &resultText, 10);
170.  
171.  
172. //determine command code
173. commandNumber = determineCommand(commandString);
174.  
175. //execute command
176. switch (commandNumber) {
177. case COM_NEW: //printf("Creating new array\n");
178. commandNew(&arraySize, &createNewPrevValue, &createNew, commandArg1, dataArray);
179. break;
180.  
181. case COM_GET: //printf("Getting data\n");
182. commandGet (commandArg1, dataArray, arraySize);
183. break;
184.  
185. case COM_SUBSTR: //printf("Deleting data\n");
186. commandSubstring(dataArray, arraySize, commandArg1, commandArg2);
187. break;
188.  
189. case COM_DEL: //printf("Deleting data\n");
190. commandDel(dataArray);
191. break;
192.  
193. case COM_ERROR:
194. printf("<ERROR> INVALID COMMAND '%s'\n",commandString);
195. stopProgram = TRUE;
196. break;
197.  
198. case COM_EXIT: printf("Exiting Program\n");
199. stopProgram = TRUE;
200. break;
201.  
202. case COM_HELP:
203. printHelp();
204. break;
205.  
206. case COM_SET:
207. commandSet(commandArg2, commandArg1, dataArray, arraySize);
208. break;
209.  
210. case COM_SHOW:
211. commandShow(dataArray, arraySize);
212. break;
213. }
214. }
215.  
216. return EXIT_SUCCESS;
217. }
218.  
219. void newCommand (void) {
220. //prints out the symbol signifying user input
221. printf(">> ");
222. }
223.  
224. void clearString (char* string) {
225. //sets the chars of array to string terminator
226. int i;
227. for (i = 0; i< sizeof(string); i++) {
228. string[i] = '\0';
229. }
230. }
231.  
232. int validCharacter (char character) {
233. //check to see if the character inputted is valid
234. int valid = FALSE;
235.  
236. if ((character >= 'a' && character <= 'z') || character == ' ') {
237. valid = TRUE;
238. } else if (character >= '0' && character <= '9') {
239. valid = NUM_ONLY;
240. }
241.  
242. return valid;
243. }
244.  
245. int determineCommand (char* command) {
246. //determine command inputted based on string
247. int comNum = COM_ERROR;
248.  
249. if (strcmp(command, "exit") == STRCOMP_SUCCESS) {
250. comNum = COM_EXIT;
251. } else if (strcmp(command, "new") == STRCOMP_SUCCESS) {
252. comNum = COM_NEW;
253. } else if (strcmp(command, "get") == STRCOMP_SUCCESS) {
254. comNum = COM_GET;
255. } else if (strcmp(command, "del") == STRCOMP_SUCCESS) {
256. comNum = COM_DEL;
257. } else if (strcmp(command, "set") == STRCOMP_SUCCESS) {
258. comNum = COM_SET;
259. } else if (strcmp(command, "substr") == STRCOMP_SUCCESS) {
260. comNum = COM_SUBSTR;
261. } else if (strcmp(command, "help") == STRCOMP_SUCCESS) {
262. comNum = COM_HELP;
263. } else if (strcmp(command, "show") == STRCOMP_SUCCESS) {
264. comNum = COM_SHOW;
265. }
266.  
267. return comNum;
268. }
269.  
270. void printHelp (void) {
271. printf("============== Array Program Help Data ==============\n");
272. printf("Command Syntax | Description\n");
273. printf("new <length> | Create array of <length> size\n");
274. printf("get <location> | Prints data stored at <location\n");
275. printf("set <location> <data> | Sets data at <location> to <data>\n");
276. printf("substr <start> <end> | Sets data at <location> to <data>\n");
277. printf("show | Prints all data stored\n");
278. printf("del | Resets all data to NULL\n");
279. printf("exit | Closes program and discards data\n");
280. printf("==================== END OF HELP ====================\n");
281. }
282.  
283. int validCommandString (char* inputString) {
284. int valid = TRUE;
285. int i;
286. for (i = 0; i< strlen(inputString); i++) {
287. if (validCharacter(inputString[i]) == FALSE) { //if this character is not valid
288. valid = FALSE;
289. printf("<< not valid: '");
290. printf(inputString);
291. printf("'\n");
292. break;
293. }
294. }
295. return valid;
296. }
297.  
298. void commandNew (int* arraySize, int* createNewPrevValue, int* createNew, int newSize, int* dataArray) {
299. if (*arraySize == 0 && newSize > 0 && newSize <= MAX_ARRAY_SIZE) {
300. *arraySize = newSize;
301. printf("Sussessfully created new array of length %d\n", newSize);
302. } else if (newSize > 0 && newSize <= MAX_ARRAY_SIZE) {
303. if (*createNew == TRUE && *createNewPrevValue == newSize) {
304. *arraySize = *createNewPrevValue;
305. *createNew = FALSE;
306. commandDel(dataArray);
307. printf("Resized array to length %d\n", *createNewPrevValue);
308.  
309. } else {
310. printf("This will resize the array to length %d and clear all data in the array\n", newSize);
311. printf("To confirm, input command again\n");
312. *createNewPrevValue = newSize;
313. *createNew = TRUE;
314. }
315. } else {
316. printf("<ERROR> ARRAY SIZE OUT OF BOUNDS (MAX IS 1024)\n");
317. }
318. }
319.  
320. void commandDel(int* dataArray) {
321. int i;
322. for (i = 0; i< MAX_ARRAY_SIZE; i++) {
323. dataArray[i] = 0;
324. }
325. printf("Array cleared\n");
326. }
327.  
328.  
329. void commandSet (int newData, int position, int* dataArray, int arraySize) {
330. if (arraySize > 0 && position < arraySize) {
331. dataArray[position] = newData;
332. printf("Position %d set to %d\n", position, newData);
333. } else {
334. if (arraySize == 0) {
335. printf("<ERROR> USE THE 'new' COMMAND TO INITIALISE A NEW ARRAY\n");
336. } else {
337. printf("<ERROR> POSITION %d IS OUT OF BOUNDS (MAX IS %d)\n", position, arraySize);
338. }
339. }
340. }
341.  
342. void commandGet (int position, int* dataArray, int arraySize) {
343. if (arraySize > 0 && position < arraySize) {
344. printf("pos [%d] = %d\n", position, dataArray[position]);
345. } else {
346. if (arraySize == 0) {
347. printf("<ERROR> USE THE 'new' COMMAND TO INITIALISE A NEW ARRAY\n");
348. } else {
349. printf("<ERROR> POSITION %d IS OUT OF BOUNDS (MAX IS %d)\n", position, arraySize);
350. }
351. }
352. }
353.  
354. void commandSubstring (int* dataArray, unsigned int arraySize, unsigned int start, unsigned int end) {
355. // Clamp start and end
356. start = min(start, end);
357. end = max(end, arraySize);
358.  
359. // Space for '[ ' (array elements) ' ]'
360. char *storebuf = (char *) malloc(arraySize + 4 + (end - start));
361. char * orig = storebuf;
362.  
363. if(!storebuf) {
364. printf("<ERROR> failed to allocate substring space!");
365. return;
366. }
367.  
368. storebuf += sprintf(storebuf, "[ ");
369. for(int i = start; i < end; i++) {
370. storebuf += sprintf(storebuf, "%d,", dataArray[i]);
371. }
372.  
373. sprintf(storebuf, " ]");
374.  
375. printf("Substring: %s\n", orig);
376. free(orig);
377. }
378.  
379.  
380. void commandShow (int* dataArray, int arraySize) {
381. if (arraySize > 0) {
382. int i;
383. for (i = 0; i < arraySize; i++) {
384. printf("[%d] = %d, ", i, dataArray[i]);
385. }
386. } else {
387. printf("<ERROR> USE THE 'new' COMMAND TO INITIALISE A NEW ARRAY\n");
388. }
389. printf("\nEND OF ARRAY\n");
390. }