get C String from argv[]

justin82

Hey, I gots a question.

In C I'm just writing a small little file input test program.

Part of the code that is of importance follows:

...
...
int inFile, outFile;
char *inFileName = argv[1];
char *outFileName = argv[2];
...
...
inFile = open(inFileName, O_RDONLY);
outFile = open(outFileName, O_WRONLY);
...
...


Now my thoughts are: there is something wrong with giving the end user the power to choose name and length of filename. Is this true? And what, if any, checks can I put in place to keep that from being abused?

Thanks
 
You should always validate your command line arguments right away. There is nothing wrong with letting the user choose filename and length, after all it's just a string. Some filesystems may have limitations regarding max name length, which you should check for and report to the user as an error.
 
As better practice, shouldn't you be using FILE *infile, *outfile?

Also, I've always used 'r', 'w', or 'a', but each to their own.
 
pedant said:
As better practice, shouldn't you be using FILE *infile, *outfile?

Also, I've always used 'r', 'w', or 'a', but each to their own.

Depends on what he wants to do. He's using open (correctly), you're (also correctly) describing fopen. Don't confuse them.
 
Here's an example using fopen() and strlen() for checking the length of the arguments. Plus, I threw in a bunch of error messages. You'd set the max value to your desired limit, but you'd keep it <= the max path for the OS.

Code:
#include <stdio.h>
#include <string.h>

int main( int argc, char** argv) {
    if ( argc != 3 ) {
        printf( "\nUsage: this infile outfile\n" );
        return 1;
    } 
    const size_t max = 256;
    if ( strlen( argv[1] ) > max ) {
        printf("\ninfile path too long\n");
        return 1;
    } else if ( strlen( argv[2] ) > max ) {
        printf("\noutfile path too long\n");
        return 1;
    }
    FILE* in = fopen( argv[1], "r");
    if ( !in ) {
        printf("\nError reading %s\n", argv[1] );
        return 1;
    }
    // read in from the file and store the data etc.
    fclose( in );
    FILE* out = fopen( argv[2], "w");
    if ( !out ) {
        printf("\nError writing to %s\n", argv[2] );
        return 1;
    }
    // write stuff to the file etc.
    fclose( out );
    return 0;
}
 
justin82 said:
Now my thoughts are: there is something wrong with giving the end user the power to choose name and length of filename. Is this true? And what, if any, checks can I put in place to keep that from being abused?

If you want the user to specify their own file, then you're fine. I think you're asking for trouble, trying to see if the file name is valid when you could rely on the C runtime (which relies on the OS) to just try and open the file.

You might want to check the opened file to make sure it's really a file and not a device; that may or may not be the right thing to do depending on your application.

In particular, I can't see a reason to cap the input to a length limit, as Shadow2531 is suggesting.
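
Added example, not part of any post in this thread: one way to do the check suggested in the last reply, letting open() validate the name and then confirming with fstat() on the descriptor that the opened object is a regular file and not a device. The helper name open_regular_input and its return codes are assumptions made for illustration; POSIX open()/fstat() is assumed, matching the original poster's use of open().

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread): open `path` read-only and accept
 * it only if the opened object is a regular file.
 * Returns a descriptor >= 0, -1 if open()/fstat() failed (errno is set),
 * or -2 if the path opened but is a device, FIFO, directory or socket. */
int open_regular_input(const char *path)
{
    struct stat st;
    /* O_NONBLOCK: do not hang waiting for a writer if the path is a FIFO.
     * O_NOCTTY: do not adopt a terminal device as controlling terminal. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not stat() the name: the check then applies to
     * the object actually opened, even if the name is re-pointed meanwhile. */
    int rc = (fstat(fd, &st) != 0) ? -1 : (S_ISREG(st.st_mode) ? fd : -2);
    if (rc < 0) {
        int saved = errno;      /* keep the original error across close() */
        close(fd);
        errno = saved;
    }
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "Usage: %s infile\n", argv[0]);
        return EXIT_FAILURE;
    }
    int fd = open_regular_input(argv[1]);
    if (fd == -1)
        perror(argv[1]);        /* the OS rejected the name: report its reason */
    else if (fd == -2)
        fprintf(stderr, "%s: not a regular file\n", argv[1]);
    if (fd < 0)
        return EXIT_FAILURE;
    /* ... read from fd here ... */
    close(fd);
    return EXIT_SUCCESS;
}
```

Whether rejecting non-regular files is appropriate depends on the program: a filter that is meant to read from a pipe or a terminal would skip the S_ISREG test.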
 