05-09-07
Nerd, Geek, Freak
wnd's Avatar
Join Date: Sep 2005
Location: Finland
Posts: 703
Re: C help

Originally Posted by evilghost
This is what I ended up with, thanks again for your help, feel free to make any additional comments
Just some minor things. I tend to be a little picky about (C-)code.

- There is no reason for FILE *fout to be global. It's sufficient to have it only inside main-function.

- Having an assignment, a function call, and a comparision in a single "if (foo)" is very C-ish. However in my opinnion this feature is often abused since complex statements easily become difficult to read.
fout = fopen("foo", "a+");
if (fout == NULL) {
        fprintf(stderr, "oops\n");
        return EXIT_FAILURE;
/* Code continues outside if-block. That's where we want to go. */
- You can compare return value of fopen against NULL.

- It is perfectly safe (as far as printf can be) to have just fprintf(stderr, "Error while...\n");. When I said user input, I meant input from "unregulated" source such as command prompt, file, network, or such. A static string in source code is not user input. :-)

- Similary to EXIT_FAILURE, most stdlib.hs come with EXIT_SUCCESS.

- Since the executable is suid, I'd be extra careful to make sure target file is exactly what it's supposed to be (note that I don't know if uid/gid is set to something specific so that part may not apply):
#include <sys/types.h>
#include <sys/stat.h>
#include <uninstd.h>

struct stat s;
int r;

r = lstat(file, &s);
if (r != 0) {
if (! (S_ISREG(s.st_mode) && s.st_uid == OWNER_UID
                        && s.st_gid == OWNER_GID)) {
/* good to go */
