what is the input I need to put into the code to get a segmentation fault?

#include #include #include #include #include #include #include

#include #include #include #include #include #include

void segfault_handler(int signum) { printf("Congratulations, you crashed the program! Here's your flag: "); setuid(0); int flag_fd = open("/flag", 0); sendfile(1, flag_fd, 0, 1024); exit(0); }

using namespace std;

int main(int argc, char *argv[]) {

printf("Hello, we hear that you're really good at causing programs to crash (well, at least the programs that you write). "); printf("In this challenge, we will give you the flag only if you can crash this program (i.e. cause a segmentation fault). "); printf("You'll need to read the source code to understand the code, what input the program takes, and how to cause a segmentation fault "); signal(SIGSEGV, segfault_handler);

argc = 3; argv = (char*) malloc(sizeof(char)*3); argv[1] = "selina"; argv[2] = "foobar";

string* owner = NULL; string* userKey = NULL; string* secretKey = new string("FIREFIGHTER_KEY"); vector keys; vector authorized; vector occupants; string a = "passkey PUSH"; string b = "passkey twist"; string c = "lair enter"; string d = "who IN"; string e = "SWITCH locks"; string f = "VACATE lair"; int num = 0; // assign owner owner = new string(argv[1]);

// assign authorized keys for (int i = 2; i < argc; ++i) keys.emplace_back(argv[i]);

string input = ""; while(getline(cin, input)) { num += 1; if (num == 100) { cout << "That's all this house will do" << endl; break; }

if(input.find(a) != string::npos) { size_t pos = input.find(a); string temp = input.substr(pos+11); pos = temp.find(" "); *userKey = temp.substr(pos+1); char str[temp.length()]; for (int i = 0; i < sizeof(str); i++) { str[i] = temp[i]; } char* user = strtok(str, " ");

cout << "KEY " << *userKey << " INSERTED BY "; printf("%s", user); cout << " ";

} else if(input.find(b) != string::npos) { size_t pos = input.find(b); string user = input.substr(pos+9); if (find(keys.begin(), keys.end(), *userKey) != keys.end() || *userKey == *secretKey) { cout << "SUCCESS " << user << " TURNS KEY " << *userKey << endl; authorized.emplace_back(user); } else { cout << "FAILURE " << user << " UNABLE TO TURN KEY " << *userKey << endl; } } else if(input.find(c) != string::npos) { size_t pos = input.find(b); string user = input.substr(pos+13); if (find(authorized.begin(), authorized.end(), user) != authorized.end()) { cout << "ACCESS ALLOWED" << endl; occupants.emplace_back(user); } else { cout << "ACCESS DENIED" << endl; } } else if(input.find(d) != string::npos) { if(occupants.empty()) { cout << "NOBODY HOME" << endl; } else { ostringstream ss; copy(occupants.begin(), occupants.end() - 1, ostream_iterator(ss, ", ")); ss << occupants.back();

cout << ss.str() << " "; } } else if(input.find(e) != string::npos) { size_t pos = input.find(b); string temp = input.substr(pos+13); char str[temp.length()]; for (int i = 0; i < sizeof(str); i++) { str[i] = temp[i]; // } char* user = strtok(str, " "); string username = user;

// check if username is owner and if owner is inside home if (find(occupants.begin(), occupants.end(), *owner) != occupants.end() && username.compare(*owner) == 0) { keys.clear(); pos = temp.find(" "); string temp2 = temp.substr(pos+1); stringstream ss(temp2); string token;

while(getline(ss, token, ' ')) { keys.emplace_back(token); } cout << "OK" << endl; } else { cout << "ACCESS DENIED" << endl; } } else if(input.find(f) != string::npos) { size_t pos = input.find(a); string user = input.substr(pos+13); if (find(occupants.begin(), occupants.end(), user) != occupants.end()) { occupants.erase(std::remove(occupants.begin(), occupants.end(), user), occupants.end()); cout << "OK" << endl; } else { cout << user << " NOT HERE" << endl; } } else { cout << "ERROR" << endl; } } return 0; }