How to format text in C



  • Check out what I get to rewrite properly... A bunch of programs written like this.

    void format_files(char domainname[])

    {

    char format1[400]; //-Stores the 'cat' formatting string-//

    char format11[400]; //-Stores the second 'cat' formatting string-//

    char format2[400]; //-Stores the 'awk' formatting string-//

    /******************************************************************/



    /
    Format the results from the routers ****************************/

    (void) sprintf(format1, "cat /usr/local/www/proc_files/arpdb/%s-3.txt | sed -e 's/IP-MIB::ipNetToMediaPhysAddress.//g' -e 's/=//g' > /usr/local/www/proc_file
    s/arpdb/%s-2.txt",domainname,domainname);

    (void) system(format1);

    // eliminate the string STRING between the ip address and mac address

    (void) sprintf(format11, "cat /usr/local/www/proc_files/arpdb/%s-2.txt | sed -e 's/STRING://g' -e 's/=//g' > /usr/local/www/proc_files/arpdb/%s-21.txt",domai
    nname,domainname);

    (void) system(format11);

    /
    Format the file some more */

    (void) sprintf(format2, "awk -F. '{print $2"."$3"."$4"."$5}' /usr/local/www/proc_files/arpdb/%s-21.txt > /usr/local/www/proc_files/arpdb/%s-1.txt",doma
    inname,domainname);

    (void) system(format2);

        //printf("domain = %s in format_files\n",domainname);<br>
    

    }


    Stupid thing ate my formatting. >:(



  • The power and easiness of bash combined with the speed of string formatting in C!



  • @Thalagyrt said:

    Check out what I get to rewrite properly... A bunch of programs written like this.

     

    Go home and get your gun.  If you don't have one, go buy one. 

     

    Then go find the SOB who wrote this... 



  • At this point it'd just be easier to use it on himself.



  • The person who wrote that is obviously a rookie - it doesn't even use XML!



  • Wow... that is wtf (in both senses) on more than one level.  This seems to be running as root (or there is some weird file permissions), so this is ripe for injection attacks... if the attacker ever could figure out how to get a command injected into these system calls.  I am not even going to attempt to wrap my head around the rest of the problems.



  • @WeatherGod said:

    Wow... that is wtf (in both senses) on more than one level.  This seems to be running as root (or there is some weird file permissions), so this is ripe for injection attacks... if the attacker ever could figure out how to get a command injected into these system calls.  I am not even going to attempt to wrap my head around the rest of the problems.



    It was most definitely running as root.



    Also, I was able to log into the webapp with the username and password of "blah' or username='someonesusername'--" sans the double quotes on the outside. That's fixed as well now (it was fixed by me about 2 years ago) Also, since register_globals is dangerous, that was disabled. But that was inconvenient, so there was code that mimicked that behavior using extract($_REQUEST); extract($_COOKIES); extract($_FILES); etc etc.



  • Wow you are brave! Good luck to you!


  • Discourse touched me in a no-no place

    @Thalagyrt said:

    Stupid thing ate my formatting. >:(

     

    Feel happy. It broke even more on the email version:

    Posted By: Thalagyrt in "Side Bar" WTF
    Subject: How to format text in C
    ______________________________

    <wbr>____


    Check out what I get to rewrite properly... A bunch of programs written like this.

    void format_files(char domainname[])
    {
    char format1[400]; //-Stores the 'cat' formatting string-//
    char format11[400]; //-Stores the second 'cat' formatting string-//
    char format2[400]; //-Stores the 'awk' formatting string-//
    /<wbr><wbr>***********/

        /***** Format the results from the routers *****************************/
        (void) sprintf(format1, "cat /usr/local/www/proc_files<wbr>/arpdb/%s-3.txt | sed -e 's/IP-MIB::ipNetToMediaPhysAddr<wbr>ess.//g' -e 's/=//g' &gt; /usr/local/www/proc_file
    

    s/arpdb/%s-2.txt",domainname,domainname);
    (void) system(format1);
    // eliminate the string STRING between the ip address and mac address
    (void) sprintf(format11, "cat /usr/local/www/proc_files<wbr>/arpdb/%s-2.txt | sed -e 's/STRING://g' -e 's/=//g' > /usr/local/www/proc_files<wbr>/arpdb/%s-21.txt",domai
    nname,domainname);
    (void) system(format11);
    /* Format the file some more */
    (void) sprintf(format2, "awk -F. '{print $2"."$3"."$4"."$5}' /usr/local/www/proc_files<wbr>/arpdb/%s-21.txt > /usr/local/www/proc_files<wbr>/arpdb/%s-1.txt",doma
    inname,domainname);
    (void) system(format2);

        //printf("domain = %s in format_files\n",domainname);
    

    }

    __________________________<wbr>

    You were sent this email because you opted to receive email
    notifications when someone created a new thread, or replied to
    a topic within this forum, "Side Bar" WTF.

     

     This is not untypical of the email version - is it worth complaining about it?

     



  • Why connect two files with one pipe when you can connect four files with three pipes?  And don't say "for debugging", because that's what tee is for.

     



  • Can this be an attempt to hide the script code into an executable? Because that bizarre idea is the only one that I can think about atm...

     

    It looks like a brief tour into hell of inherited code :D 



  • @Thalagyrt said:

    Check out what I get to rewrite properly... A bunch of programs written like this.

    void format_files(char domainname[])

    {

    char format1[400]; //-Stores the 'cat' formatting string-//

    char format11[400]; //-Stores the second 'cat' formatting string-//

    char format2[400]; //-Stores the 'awk' formatting string-//

    /******************************************************************/



    /
    Format the results from the routers ****************************/

    (void) sprintf(format1, "cat /usr/local/www/proc_files/arpdb/%s-3.txt | sed -e 's/IP-MIB::ipNetToMediaPhysAddress.//g' -e 's/=//g' > /usr/local/www/proc_file
    s/arpdb/%s-2.txt",domainname,domainname);

    (void) system(format1);

    // eliminate the string STRING between the ip address and mac address

    (void) sprintf(format11, "cat /usr/local/www/proc_files/arpdb/%s-2.txt | sed -e 's/STRING://g' -e 's/=//g' > /usr/local/www/proc_files/arpdb/%s-21.txt",domai
    nname,domainname);

    (void) system(format11);

    /
    Format the file some more */

    (void) sprintf(format2, "awk -F. '{print $2"."$3"."$4"."$5}' /usr/local/www/proc_files/arpdb/%s-21.txt > /usr/local/www/proc_files/arpdb/%s-1.txt",doma
    inname,domainname);

    (void) system(format2);

        //printf("domain = %s in format_files\n",domainname);<br>
    

    }


    Stupid thing ate my formatting. >:(

    Oh wow - is there any way to get that function called with domainname set to "x.txt | rm -rf / | cat x" ?
     



  • WTF are you all complaining about?

    I mean, at least it's cross-platfo..... no, wait. At least it's thread-saf...... no, wait. At least it can be replaced by a very small shell script. :)



  • It was originally done in C because it needed a database connection (or 7, because apparently for some reason it isn't possible to make more than one query per connection, which is a load of crap.) The reason for all the system calls is because he didn't know how to do string manipulation in C, and didn't know how to use libsnmp to do SNMP walks. So he shelled out to snmpwalk, outputted that to a file, and made a bunch of calls to sed and awk to format it into just IP addresses and MACs. I rewrote the thing as a simple CLI PHP script in about 20 minutes, it runs about 5 times faster without writing up a total of 60 files for each run...


Log in to reply