#include

#include

#include

#define BUFFER_LENGTH 512

/* * Week 3 Lab 2 * * This program allows for input of formatted output * characters on the command line (such as %x and %s), * and is therefore vulnerable to a formatted output * exploit.

*/int main (int argc, char **argv)

{

char buffer[BUFFER_LENGTH + 1] = {0};

if (argc < 2)

{

printf ("Invalid number of arguments. ");

return -1;

}

if (strlen(argv[1]) > BUFFER_LENGTH)

{

printf ("Buffer length too long. ");

return -1;

}

/* * This program needs to be corrected to reject any

* input that contains formatted output characters.

*/

snprintf(buffer, sizeof(buffer), argv[1]);

buffer[BUFFER_LENGTH + 1] = '\0';

printf("You entered %s. ", buffer);

return 0;}