Man, when I'm working with regular expressions I find that almost every time I need to do a find and replace, I need to build the replacement conditionally out of the various bits I put in parentheses in the original expression I was searching for. However, most regex libraries' "replace all" functionality doesn't seem to allow this, and I am left with a loop like the following (Python example):
for line in lines:
match = re.search( my_expression, line )
while match:
replacement = match[ 1 ] + some_text + match[ 2 ]
new_line = re.sub( my_expression, replacement, line )
match = re.search( my_expression )
Or, alternately:
for line in lines:
while true:
match = re.search( my_expression, line )
if not match:
break
replacement = match[ 1 ] + some_text + match[ 2 ]
new_line = re.search( my_expression, replacement, line )
This is all because you can't access the match object in the "replace all" function. Is there a clever way to achieve the same result that I am missing?
Man, when I'm working with regular expressions I find that almost every time I need to do a find and replace, I need to build the replacement conditionally out of the various bits I put in parentheses. However, most regex libraries' "replace all" functionality doesn't seem to allow this, and I am left with a loop like the following (Python example):
for line in lines:
match = re.find( my_expression, line )
while match:
replacement = match[ 1 ] + some_text + match[ 2 ]
new_line = re.replace( my_expression, line, replacement )
match = re.find( my_expression )
Or, alternately:
for line in lines:
while true:
match = re.find( my_expression, line )
if not match:
break
replacement = match[ 1 ] + some_text + match[ 2 ]
new_line = re.replace( my_expression, line, replacement )
This is all because you can't access the match object in the "replace all" function. Is there a clever way to achieve the same result that I am missing?
I'm a little confused, mainly because the re package doesn't have find() or replace() methods ;-)
Python lets you use backreferences and named groups in the sub and subn methods (which are used to replace text), so if there is a normal group you can reference it in the replacement string with \1 (for the first matching group). If you used a named group like '(?P<foo>bar)' you can reference it in the replacement string with '\g<foo>' which will insert the match text (bar) into the replacement string. You can also use the same notation with a number to do the same thing as \1 ('\g<1>') which can make things a little less ambiguous in some cases.
I highly recommend reading this for a nice explanation on using regular expressions in Python.
Barrakketh on
Rollers are red, chargers are blue....omae wa mou shindeiru
Yeah I edited in some corrections, I can never fucking remember how to use certain Python modules (something about the brief naming scheme makes it never stick in my memory) so I just made it up to save time.
I thought back references ought to be possible, thanks a lot.
In my attack objects, I want it so if an attack fails/misses, a message appears in some generic server control (a div, or label, or something along those lines). My problem is that I'm not entirely sure how to do it without breaking encapsulation. Right now, my attack object looks like:
Abstract base Attack class -
public abstract class Attack
{
protected int level;
protected string name;
protected int tpCost;
protected double dmgModifier;
protected double hitPenalty;
public Attack(int level, string name, int tpCost, double dmgModifier, double hitPenalty)
{
this.level = level;
this.name = name;
this.tpCost = tpCost;
this.dmgModifier = dmgModifier;
this.hitPenalty = hitPenalty;
}
public abstract void ExecuteAttack();
public int Level
{
get { return this.level; }
set { this.level = value; }
}
public string Name
{
get { return this.name; }
set { this.name = value; }
}
public int TPCost
{
get { return this.tpCost; }
set { this.tpCost = value; }
}
public double DMGModifier
{
get { return this.dmgModifier; }
set { this.dmgModifier = value; }
}
public double HitPenalty
{
get { return this.hitPenalty; }
set { this.hitPenalty = value; }
}
}
HackerAttack child class -
public class HackerAttack : Attack
{
public HackerAttack(int level, string name, int tpCost, double dmgModifier, double hitPenalty) :
base(level, name, tpCost, dmgModifier, hitPenalty) { }
public override void ExecuteAttack()
{
Character attacker = (Character)System.Web.HttpContext.Current.Session["attacker"];
Character target = (Character)System.Web.HttpContext.Current.Session["target"];
double chanceToHit = attacker.ChanceToHit - this.hitPenalty;
int damage = (int)((this.dmgModifier * (1 + attacker.DMGModifier)) * attacker.DMG);
Random random = new Random();
if (chanceToHit >= random.NextDouble())
{
target.CurrentHP = target.CurrentHP - damage;
}
else
{
//unsuccessful
}
}
}
The other two character classes have similar attack objects that they use. The only appreciable difference is the math used to calculate damage after a successful attack.
That said, I'd like to be able to report something like:
"attacker.Name fired at target.Name, but missed!"
On the screen. I'm just unsure if I should have it pass the message back up to the Character object that contains this attack, which then passes it back to the Page I'm in, or if it should attempt to directly access the Page and the right server control. I want to code this the 'right' .NET way.
I'd recommend passing ExecuteAttack two arguments, attacker and target, instead of retrieving them from the HTTP session variables. You should be handling Character objects well before you get to the Attack methods, a place like ExecuteAttack isn't a place for tying things to implementation specifics like HTTP.
On the same token, you should have an event/message class system that you can call that doesn't care about "oh hey this is HTML" that you can call in your success/fail clauses. Leave the gritty details of how you relay the message encapsulated in the messaging classes, not in your game logic.
So I've got this assignment where I need to basically take in a username and password, check if the password is actually strong, then hash the password with a salt concatenated to the end. However, for some reason, my program is eating the password string/not concatenating the salt to the end of it. Can anyone tell my why my code is doing this? It always seems to happen after reading in the bytes from dev/urandom to get a salt.
#include <stdio.h>
#include <openssl/evp.h>
#include "/usr/local/include/packer.h"
main (int argc, char *argv[])
{
char input[50];
char usr[20];
char pw[20];
char salt[16];
char hash[40];
char passsalt[100];
unsigned char bytes[7];
int i=0;
FILE *fp;
while(1)
{
printf("Please enter your user name:\n");
scanf("%s",input);
if(strlen(input) > 20)
{
printf("User name is too long, please enter another:\n");
}
else
break;
}
strncpy(usr, input, strlen(input));
printf("Username is %s, strlen = %d\n", usr, strlen(usr));
while(1)
{
printf("Please enter your password:\n");
scanf("%s",input);
if(strlen(input) > 20)
{
printf("Password is too long, please try again\n");
}
else
{
if(FascistCheck(input, "/usr/local/libdata/cracklib/pw_dict") == NULL)
break;
else
{
printf("%s is not a strong enough password, please try again\n", input);
}
}
}
strncpy(pw, input, strlen(input));
printf("PW = %s, length = %d\n", pw, strlen(pw));
for(i=0; i <strlen(pw); i++)
printf("pw[%d] = %c\n", i, pw[i]);
i=0;
fp = fopen("/dev/urandom", "r");
while (i<8)
bytes[i++] = fgetc(fp);
fclose(fp);
sprintf(salt, "%x%x%x%x%x%x%x%x", bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7]);
printf("salt = %s password = %s\n", salt, pw);
strncpy(passsalt, pw, strlen(pw));
strncat(passsalt, salt, strlen(salt));
printf("passsalt is %s\n", passsalt);
return 0;
}
Not sure why it should be vanishing, but you should make salt 17 bytes, and probably cap the precision of the %x prints to %.02x. Right now, there won't be any room at the end of salt for the null terminator if all of the bytes you get from urandom are > 15.
To be clear, the issue is that the password is not printing properly after the sprintf(salt,...) call?
I don't think this is causing a bug, but you're using strncpy() incorrectly. I realize there are checks on input, but generally you use the size of the destination array minus one:
strncpy(pw, input, sizeof(pw)-1); // works because pw is allocated on the stack, if malloc'ed, you need to track how large it is
Also, if you're going to use scanf() to read in strings, you should specify the field width:
scanf("%50s", input);
You should also probably check that fopen() didn't return NULL.
SmasherStarting to get dizzyRegistered Userregular
edited February 2009
The error is at strncpy(pw, input, strlen(input));
strncpy doesn't add a null character at the end of the destination string unless the length of the input string is shorter than the size of the copy, which in this case is strlen(input). Since you're using the length of the input string as the size of the copy that doesn't happen, which means pw will have the contents of input plus whatever garbage characters were already in pw before the copy.
To see more clearly what's happening, replace the appropriate declaration with char pw[20] = "1234567890123456789"; and see what the output is after you enter the password.
The error is at strncpy(pw, input, strlen(input));
strncpy doesn't add a null character at the end of the destination string unless the length of the input string is shorter than the size of the copy, which in this case is strlen(input). Since you're using the length of the input string as the size of the copy that doesn't happen, which means pw will have the contents of input plus whatever garbage characters were already in pw before the copy.
To see more clearly what's happening, replace the appropriate declaration with char pw[20] = "1234567890123456789"; and see what the output is after you enter the password.
Also what ecco said.
He also posted this in the chat thread at our "treehouse", and I believe that particular problem was addressed.
haha ... okay, I didn't catch this before because I normally write my own string manipulation stuff from scratch instead of relying on C's. strncpy doesn't add the null terminator to the end of your string for you. It assumes that either (a) you're going to add it yourself, or (b) all that memory is initialized to '\0' anyway. http://www.cplusplus.com/reference/clibrary/cstring/strncpy.html
After you use strncpy you need to put the null terminator on the end of the string.
You'll need to do the same for when you copy over the username (which wasn't fucking up by pure luck), and the salt.
Or, since strncpy will put on the null terminator if the input string is less than the specified length, you can just tell it to copy strlen(input)+1 characters.
Also, remember that since you're allowing passwords to be 20 characters long, you need to initialize the string to be 21 bytes long to accomodate the null terminator. You will run into memory overflow errors when you try this out with a 20 character password.
Barrakketh on
Rollers are red, chargers are blue....omae wa mou shindeiru
Just to point this out again as well, I know he does validate the length of the input string, but it is is still nonsensical to use the size of the source string as the maximum number of bytes to copy in to the destination.
Just to point this out again as well, I know he does validate the length of the input string, but it is is still nonsensical to use the size of the source string as the maximum number of bytes to copy in to the destination.
What's the correct-er way to do it?
Not being snarky, Im genuinely curious as to what the right way to do this kind of thing is.
iTunesIsEvil on
0
Options
jackalFuck Yes. That is an orderly anal warehouse.Registered Userregular
edited February 2009
If I recall correctly the point of passing the length is to prevent buffer overflows. It is the destination buffer that would overflow. Therefore the length of the destination should be passed.
What I'm also concerned about is that /dev/urandom is not going to necessarily return a string. It might, it might not.
I think a problem is that string functions are being used for binary data.
Edit: And even if /dev/urandom returned values from 32 to 126, "salt" is never explicitly null terminated anyway, so...
All I know is that our professor told us to grab 8 raw bytes from /dev/urandom, and convert them to hexadecimal notation before using it as a salt. He told us to use sprintf and sscanf. Otherwise I would have just used the rand function.
What I'm also concerned about is that /dev/urandom is not going to necessarily return a string. It might, it might not.
I think a problem is that string functions are being used for binary data.
Edit: And even if /dev/urandom returned values from 32 to 126, "salt" is never explicitly null terminated anyway, so...
All I know is that our professor told us to grab 8 raw bytes from /dev/urandom, and convert them to hexadecimal notation before using it as a salt. He told us to use sprintf and sscanf. Otherwise I would have just used the rand function.
Oooh, whoops. Yeah. I totally misread that. I thought you had printf() instead of sprintf().
If I comment out the sprintf and the following assignment of the null terminator the password shows up fine. If either of those are left in though nothing is printed out for PW.
If I comment out the sprintf and the following assignment of the null terminator the password shows up fine. If either of those are left in though nothing is printed out for PW.
Oooh. Sounds and looks like stack corruption...
Try:
salt[sizeof(salt) - 1] = '\0';
You can't do:
salt[sizeof(salt)] = '\0';
because sizeof(salt) will return 17.... which is one index element larger than you should be using to access the salt array. I wonder if the way variables are allocated on the stack meant that when you went salt[17], you accidentally overwrote the *first* character of pw with the null terminator (I guess you can check this by swapping the order usr and pw are declared and see if usr gets nulled over next).
input should be char[51] because you're inputting a string of up to 50 chars not counting the null. Just like you correctly incremented the other variables by 1, you should do so here too.
because you already constrained input to be no larger than 20. You should leave something like strncpy to as mentioned by another simply be (dest, src, sizeof(dest)) and make sure things are correct sizes beforehand, because if you start fiddling with things in your arguments where it's "not appropriate" you may cause further bugs you didn't foresee. It's a guideline yes but it should make your code easier to work with.
Same thing goes for the pw strncpy. Basically anywhere you're setting the nulls be hand is something you shouldn't need to be doing, it's getting a little tedious amirite?
For the strncat you're not even using the protection part of it correctly anyways so use strcat just. You already cleaned up your inputs so you'll be fine.
Fixing the salt[sizeof(salt)] thing didn't seem to be the issue apparently, as I had commented it out a couple times while compiling to see if that was causing the issue, but implementing the other fixes with nulls and just using strcpy seemed to have done it. Thanks a lot guys. Hopefully I won't have this much trouble with computing the hash and writing it to a file.
The problem is that I am generating several Custs at once (in less than a second), and so they end up all having the same value for tt. How can I get it to generate random numbers more quickly than this? Is there a way to get, for example, a millisecond value for srand?
Fixing the salt[sizeof(salt)] thing didn't seem to be the issue apparently, as I had commented it out a couple times while compiling to see if that was causing the issue, but implementing the other fixes with nulls and just using strcpy seemed to have done it. Thanks a lot guys. Hopefully I won't have this much trouble with computing the hash and writing it to a file.
This is why c++ strings are much better than c strings. I realize you probably don't have that option in this assignment, but when you do in the future you should go for the former.
Ok so im just starting to learn visual basic, not by choice its what the cs class im in uses, and i need some help. I made a combo box and i need to know how to set one variable for each choice in the combo box. for example, my choices are poor, average, good, and superior. I want to set the "poor" variable as the poor option in the combo box and the "average" variable as the average option in the combo box and so on and so forth.
sorry if that doesnt make sense, just let me know and thanks for any help!
Just browsed through the first pages. Some good introductory stuff there. :^:
So I'd like to learn some Objective-C with the vague plan of getting into OS X development for the fun of it. Would anyone happen to have any introductions to Obj-C and/or Cocoa that start at the bottom?
Just browsed through the first pages. Some good introductory stuff there. :^:
So I'd like to learn some Objective-C with the vague plan of getting into OS X development for the fun of it. Would anyone happen to have any introductions to Obj-C and/or Cocoa that start at the bottom?
I felt like this tutorial was a pretty good start for getting the basics of Obj-C. If you're not familiar with C, then follow the link on that page to the C Tutorial.
Just browsed through the first pages. Some good introductory stuff there. :^:
So I'd like to learn some Objective-C with the vague plan of getting into OS X development for the fun of it. Would anyone happen to have any introductions to Obj-C and/or Cocoa that start at the bottom?
I felt like this tutorial was a pretty good start for getting the basics of Obj-C. If you're not familiar with C, then follow the link on that page to the C Tutorial.
I've heard Hillegrass' book recommended before, and that's on the shopping list.
I followed some simple tutorial from Apple to make a simple app that took inputs from two text boxes, multiplied them and showed them in a third box, but it didn't really tell me why I was doing stuff. I began to see the philosophy behind it though.
Ok so im just starting to learn visual basic, not by choice its what the cs class im in uses, and i need some help. I made a combo box and i need to know how to set one variable for each choice in the combo box. for example, my choices are poor, average, good, and superior. I want to set the "poor" variable as the poor option in the combo box and the "average" variable as the average option in the combo box and so on and so forth.
sorry if that doesnt make sense, just let me know and thanks for any help!
Well most likely you're using Visual Basic .NET; if you want to change languages later, you'll be able to translate most of the concepts straight into C# without too much trouble.
But anyway, on to the combo box. Are you linking the combo box to a data source, or are you just entering in the Items collection from the UI? I think what you're trying to get is the Value property for a given Text, but it would help if you could clarify.
Echo: That Hillegrass book not only walks you through how to things, but also why you're doing them, and I highly recommend it.
Yeah, sounds like I'll get it ASAP.
Echo on
0
Options
jackalFuck Yes. That is an orderly anal warehouse.Registered Userregular
edited February 2009
Can anyone suggest a Python book for someone who's very experienced with programming in general, but who has mostly focused on statically typed languages? I started reading Python Power!, but I only got as far as the section on keywords. The author said lambda was the most useless keyword, and he doesn't know why someone would want to define an anonymous function. At that point I decided the author's a scrub, and decided to avoid that book.
Can anyone suggest a Python book for someone who's very experienced with programming in general, but who has mostly focused on statically typed languages? I started reading Python Power!, but I only got as far as the section on keywords. The author said lambda was the most useless keyword, and he doesn't know why someone would want to define an anonymous function. At that point I decided the author's a scrub, and decided to avoid that book.
Can anyone suggest a Python book for someone who's very experienced with programming in general, but who has mostly focused on statically typed languages? I started reading Python Power!, but I only got as far as the section on keywords. The author said lambda was the most useless keyword, and he doesn't know why someone would want to define an anonymous function. At that point I decided the author's a scrub, and decided to avoid that book.
Crap, the online book service I have access to just has Apress, Wrox, (shudder) Sams, MIT Press, Microsoft Press, and a bunch of small publishers. I guess O'Reilly isn't on board since they have their own online book service.
I've been tip-toeing around programming for several years now. Once you've done the typical "hello world" stuff and the other things they give you in a C++ textbook, where do you go from there? Anyone have ideas of various stuff to program?
C++ textbooks usually have a good deal of stuff for you to do (if you get the hefty ones at least), but http://projecteuler.net/ is always a good place to start.
----
I am having a hell of a time trying to build libraries from source in order to use them. I'm using cygwin and mingw, but the make process always seems to fail. Am I supposed to be editing some values somewhere?
edit: I need to use the mingw32 makefile
editx2: which still fails godsdammit
That's a nice resource. Exactly what I am looking for right now. I am doing a Java class in high school, and sometimes I want to program at home, but I have a hard time coming up with reasonable projects that I can actually accomplish. Thanks.
Anyone here ever worked with Java ME (stands for Micro Edition)?
I'm writing an application in it, and I think I'm confused as to the correct way to arrange it. I'm going to look at some example programs, but if anyone happens to have experience, I'd love to have someone to ask.
I hope you don't mind, but I'd like to bounce some ideas off people regarding my ASP.NET/C# game's combat mechanism/engine/whatever.
Okay, first, some things that are etched in stone. These things will not change:
- Combat is turn-based
- Combat is always 1 vs. 1
- Combat screen has a server control that displays combat text
- Combat uses AJAX so the page won't reload after every turn
- Combat ends when one of three conditions are met:
--- 1. PC is victorious
--- 2. PC is defeated
--- 3. PC successfully flees combat
- Initial turn is random -- there's a 50% chance that the PC gets the first turn.
- Combat has a host of buttons -- one for a base attack, one for fleeing, and the rest are dynamically allocated depending on the number of special attacks the PC has earned
Problem areas:
- Enemy AI. This is the big one. How do I determine which attack to attempt?
- Code structure. How the hell do I write this? Should there be a container combat object? What other objects should be floating around?
- Combat state management. How do I handle the end of combat? How do I transition from combat to exp/loot gathering to normal play?
I actually have a question regarding an ASP.NET site's lifespan: Is there a form of persistent memory at work? Like a process on the server or anything I could use to fiddle with state management beyond sessions?
Posts
for line in lines: match = re.search( my_expression, line ) while match: replacement = match[ 1 ] + some_text + match[ 2 ] new_line = re.sub( my_expression, replacement, line ) match = re.search( my_expression )Or, alternately:
for line in lines: while true: match = re.search( my_expression, line ) if not match: break replacement = match[ 1 ] + some_text + match[ 2 ] new_line = re.search( my_expression, replacement, line )This is all because you can't access the match object in the "replace all" function. Is there a clever way to achieve the same result that I am missing?
I'm a little confused, mainly because the re package doesn't have find() or replace() methods ;-)
Python lets you use backreferences and named groups in the sub and subn methods (which are used to replace text), so if there is a normal group you can reference it in the replacement string with \1 (for the first matching group). If you used a named group like '(?P<foo>bar)' you can reference it in the replacement string with '\g<foo>' which will insert the match text (bar) into the replacement string. You can also use the same notation with a number to do the same thing as \1 ('\g<1>') which can make things a little less ambiguous in some cases.
I highly recommend reading this for a nice explanation on using regular expressions in Python.
I thought back references ought to be possible, thanks a lot.
In my attack objects, I want it so if an attack fails/misses, a message appears in some generic server control (a div, or label, or something along those lines). My problem is that I'm not entirely sure how to do it without breaking encapsulation. Right now, my attack object looks like:
Abstract base Attack class -
public abstract class Attack { protected int level; protected string name; protected int tpCost; protected double dmgModifier; protected double hitPenalty; public Attack(int level, string name, int tpCost, double dmgModifier, double hitPenalty) { this.level = level; this.name = name; this.tpCost = tpCost; this.dmgModifier = dmgModifier; this.hitPenalty = hitPenalty; } public abstract void ExecuteAttack(); public int Level { get { return this.level; } set { this.level = value; } } public string Name { get { return this.name; } set { this.name = value; } } public int TPCost { get { return this.tpCost; } set { this.tpCost = value; } } public double DMGModifier { get { return this.dmgModifier; } set { this.dmgModifier = value; } } public double HitPenalty { get { return this.hitPenalty; } set { this.hitPenalty = value; } } }HackerAttack child class -
public class HackerAttack : Attack { public HackerAttack(int level, string name, int tpCost, double dmgModifier, double hitPenalty) : base(level, name, tpCost, dmgModifier, hitPenalty) { } public override void ExecuteAttack() { Character attacker = (Character)System.Web.HttpContext.Current.Session["attacker"]; Character target = (Character)System.Web.HttpContext.Current.Session["target"]; double chanceToHit = attacker.ChanceToHit - this.hitPenalty; int damage = (int)((this.dmgModifier * (1 + attacker.DMGModifier)) * attacker.DMG); Random random = new Random(); if (chanceToHit >= random.NextDouble()) { target.CurrentHP = target.CurrentHP - damage; } else { //unsuccessful } } }The other two character classes have similar attack objects that they use. The only appreciable difference is the math used to calculate damage after a successful attack.
That said, I'd like to be able to report something like:
"attacker.Name fired at target.Name, but missed!"
On the screen. I'm just unsure if I should have it pass the message back up to the Character object that contains this attack, which then passes it back to the Page I'm in, or if it should attempt to directly access the Page and the right server control. I want to code this the 'right' .NET way.
On the same token, you should have an event/message class system that you can call that doesn't care about "oh hey this is HTML" that you can call in your success/fail clauses. Leave the gritty details of how you relay the message encapsulated in the messaging classes, not in your game logic.
#include <stdio.h> #include <openssl/evp.h> #include "/usr/local/include/packer.h" main (int argc, char *argv[]) { char input[50]; char usr[20]; char pw[20]; char salt[16]; char hash[40]; char passsalt[100]; unsigned char bytes[7]; int i=0; FILE *fp; while(1) { printf("Please enter your user name:\n"); scanf("%s",input); if(strlen(input) > 20) { printf("User name is too long, please enter another:\n"); } else break; } strncpy(usr, input, strlen(input)); printf("Username is %s, strlen = %d\n", usr, strlen(usr)); while(1) { printf("Please enter your password:\n"); scanf("%s",input); if(strlen(input) > 20) { printf("Password is too long, please try again\n"); } else { if(FascistCheck(input, "/usr/local/libdata/cracklib/pw_dict") == NULL) break; else { printf("%s is not a strong enough password, please try again\n", input); } } } strncpy(pw, input, strlen(input)); printf("PW = %s, length = %d\n", pw, strlen(pw)); for(i=0; i <strlen(pw); i++) printf("pw[%d] = %c\n", i, pw[i]); i=0; fp = fopen("/dev/urandom", "r"); while (i<8) bytes[i++] = fgetc(fp); fclose(fp); sprintf(salt, "%x%x%x%x%x%x%x%x", bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7]); printf("salt = %s password = %s\n", salt, pw); strncpy(passsalt, pw, strlen(pw)); strncat(passsalt, salt, strlen(salt)); printf("passsalt is %s\n", passsalt); return 0; }To be clear, the issue is that the password is not printing properly after the sprintf(salt,...) call?
strncpy(pw, input, sizeof(pw)-1); // works because pw is allocated on the stack, if malloc'ed, you need to track how large it is
Also, if you're going to use scanf() to read in strings, you should specify the field width:
scanf("%50s", input);
You should also probably check that fopen() didn't return NULL.
I think a problem is that string functions are being used for binary data.
Edit: And even if /dev/urandom returned values from 32 to 126, "salt" is never explicitly null terminated anyway, so...
strncpy doesn't add a null character at the end of the destination string unless the length of the input string is shorter than the size of the copy, which in this case is strlen(input). Since you're using the length of the input string as the size of the copy that doesn't happen, which means pw will have the contents of input plus whatever garbage characters were already in pw before the copy.
To see more clearly what's happening, replace the appropriate declaration with char pw[20] = "1234567890123456789"; and see what the output is after you enter the password.
Also what ecco said.
He also posted this in the chat thread at our "treehouse", and I believe that particular problem was addressed.
Not being snarky, Im genuinely curious as to what the right way to do this kind of thing is.
All I know is that our professor told us to grab 8 raw bytes from /dev/urandom, and convert them to hexadecimal notation before using it as a salt. He told us to use sprintf and sscanf. Otherwise I would have just used the rand function.
Oooh, whoops. Yeah. I totally misread that. I thought you had printf() instead of sprintf().
Ignore what I said.
Can you spoiler up your fixed code again?
#include <stdio.h> #include <openssl/evp.h> #include "/usr/local/include/packer.h" main (int argc, char *argv[]) { char test[] = "salt"; char input[50]; char usr[21]; char pw[21]; char salt[17]; char hash[41]; char passsalt[100]; unsigned char bytes[8]; int i=0; FILE *fp; while(1) { printf("Please enter your user name:\n"); scanf("%s50",input); if(strlen(input) > 20) { printf("User name is too long, please enter another:\n"); } else break; } strncpy(usr, input, sizeof(usr)-1); usr[strlen(input)] = '\0'; printf("Username is %s, strlen = %d\n", usr, strlen(usr)); while(1) { printf("Please enter your password:\n"); scanf("%50s",input); if(strlen(input) > 20) { printf("Password is too long, please try again\n"); } else { if(FascistCheck(input, "/usr/local/libdata/cracklib/pw_dict") == NULL) { strncpy(pw, input, sizeof(pw)-1); pw[strlen(input)] = '\0'; break; } else { printf("%s is not a strong enough password, please try again\n", input); } } } printf("PW = %s, length = %d\n", pw, strlen(pw)); fp = fopen("/dev/urandom", "r"); printf("after fopen pw = %s\n", pw); if(fp == NULL) { printf("fopen() failed\n"); return 0; } while(i<8) bytes[i++] = fgetc(fp); printf("After byteread/before fclose pw = %s\n", pw); fclose(fp); printf("after fclose/before sprintf pw = %s\n", pw); sprintf(salt, "%.02x%.02x%.02x%.02x%.02x%.02x%.02x%.02x", bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7]); salt[sizeof(salt)] = '\0'; //strncpy(salt, test, sizeof(salt)-1); printf("salt = %s password = %s usr = %s\n", salt, pw, usr); strncpy(passsalt, usr, sizeof(passsalt)-1); passsalt[strlen(usr)] = '\0'; strncat(passsalt, pw, strlen(pw)); strncat(passsalt, salt, strlen(salt)); printf("passsalt is %s\n", passsalt); return 0; }Oooh. Sounds and looks like stack corruption...
Try:
salt[sizeof(salt) - 1] = '\0';
You can't do:
salt[sizeof(salt)] = '\0';
because sizeof(salt) will return 17.... which is one index element larger than you should be using to access the salt array. I wonder if the way variables are allocated on the stack meant that when you went salt[17], you accidentally overwrote the *first* character of pw with the null terminator (I guess you can check this by swapping the order usr and pw are declared and see if usr gets nulled over next).
should just be
because you already constrained input to be no larger than 20. You should leave something like strncpy to as mentioned by another simply be (dest, src, sizeof(dest)) and make sure things are correct sizes beforehand, because if you start fiddling with things in your arguments where it's "not appropriate" you may cause further bugs you didn't foresee. It's a guideline yes but it should make your code easier to work with.
Same thing goes for the pw strncpy. Basically anywhere you're setting the nulls be hand is something you shouldn't need to be doing, it's getting a little tedious amirite?
For the strncat you're not even using the protection part of it correctly anyways so use strcat just. You already cleaned up your inputs so you'll be fine.
I'm creating a linked list of Cust objects. Whenever a new Cust is instantiated, it assigns a random int value to something called tt.
Cust::Cust(int t) { srand ((unsigned)time(0)); ta = t; tt = (rand()%5)+1; }The problem is that I am generating several Custs at once (in less than a second), and so they end up all having the same value for tt. How can I get it to generate random numbers more quickly than this? Is there a way to get, for example, a millisecond value for srand?
Just srand() once in your program.
This is why c++ strings are much better than c strings. I realize you probably don't have that option in this assignment, but when you do in the future you should go for the former.
sorry if that doesnt make sense, just let me know and thanks for any help!
So I'd like to learn some Objective-C with the vague plan of getting into OS X development for the fun of it. Would anyone happen to have any introductions to Obj-C and/or Cocoa that start at the bottom?
If you end up looking for a book, I would suggest Cocoa Programming for Mac OS X.
I've heard Hillegrass' book recommended before, and that's on the shopping list.
I followed some simple tutorial from Apple to make a simple app that took inputs from two text boxes, multiplied them and showed them in a third box, but it didn't really tell me why I was doing stuff. I began to see the philosophy behind it though.
Well most likely you're using Visual Basic .NET; if you want to change languages later, you'll be able to translate most of the concepts straight into C# without too much trouble.
But anyway, on to the combo box. Are you linking the combo box to a data source, or are you just entering in the Items collection from the UI? I think what you're trying to get is the Value property for a given Text, but it would help if you could clarify.
Yeah, sounds like I'll get it ASAP.
I like the O'Reilly books, either Learning Python, 3rd Edition or Programming Python, both by the same author.
Crap, the online book service I have access to just has Apress, Wrox, (shudder) Sams, MIT Press, Microsoft Press, and a bunch of small publishers. I guess O'Reilly isn't on board since they have their own online book service.
That's a nice resource. Exactly what I am looking for right now. I am doing a Java class in high school, and sometimes I want to program at home, but I have a hard time coming up with reasonable projects that I can actually accomplish. Thanks.
I'm writing an application in it, and I think I'm confused as to the correct way to arrange it. I'm going to look at some example programs, but if anyone happens to have experience, I'd love to have someone to ask.
Now to turn this into something
Okay, first, some things that are etched in stone. These things will not change:
- Combat is turn-based
- Combat is always 1 vs. 1
- Combat screen has a server control that displays combat text
- Combat uses AJAX so the page won't reload after every turn
- Combat ends when one of three conditions are met:
--- 1. PC is victorious
--- 2. PC is defeated
--- 3. PC successfully flees combat
- Initial turn is random -- there's a 50% chance that the PC gets the first turn.
- Combat has a host of buttons -- one for a base attack, one for fleeing, and the rest are dynamically allocated depending on the number of special attacks the PC has earned
Problem areas:
- Enemy AI. This is the big one. How do I determine which attack to attempt?
- Code structure. How the hell do I write this? Should there be a container combat object? What other objects should be floating around?
- Combat state management. How do I handle the end of combat? How do I transition from combat to exp/loot gathering to normal play?
I actually have a question regarding an ASP.NET site's lifespan: Is there a form of persistent memory at work? Like a process on the server or anything I could use to fiddle with state management beyond sessions?