-5

So below is my source code in C, in which I have used the strcmp function to compare two strings:

```c
#include <stdio.h>
#include <string.h>

int main() {
    unsigned char pass[100] = "Try to hack me";
    unsigned char input[100];

    printf("Enter the secret string: ");
    scanf("%s", input);

    if (strcmp(pass, input))
        printf("Wrong Password\nAccess Denied\n");
    else
        printf("Right password\nAccess Granted!!\n");

    return 0;
}
```

When I run the compiled program it gives the wrong output. It is supposed to give the right message, but it's giving the wrong message. What is the problem here?

Below is the output response of the program:

```
professor@CTOS:~/Documents/Bnry/elf32bit/Module3/ch6$ ./crackme
Enter the secret string: Try to hack me
Wrong Password
Access Denied
professor@CTOS:~/Documents/Bnry/elf32bit/Module3/ch6$ ./crackme
Enter the secret string: Try to hack me
Wrong Password
Access Denied
```
Swapnil
  • 1
    Do not post screenshots of text (except when there is an issue with the layout of text on the screen that cannot be reproduced by posting the text). Paste actual source code that other people can copy and compile. – Eric Postpischil Sep 07 '22 at 11:05
  • 1
    To me it appears they are trying to teach something like a buffer overflow exploit, but if you don't know how to program in C, take a C course first. – Cheatah Sep 07 '22 at 11:12
  • Please edit your post and paste your code as text. – mikyll98 Sep 07 '22 at 11:20
  • OK, I will do it now. – Swapnil Sep 07 '22 at 11:21
  • 2
    Start now... Look at other C code and notice the "indentation" used to highlight "blocks of code"... Indentation is irrelevant to the compiler, but VERY important to human readers of source code. Start now... – Fe2O3 Sep 07 '22 at 11:27

1 Answer

2

`%s` in `scanf` only reads until a white space character. From “Try to hack me”, it only reads “Try”. Use a different method to read the input line, possibly `fgets`, but be aware that `fgets` includes the new-line character that terminates the line.

When your program does not work, debug it. Either trace execution with a debugger or insert `printf` statements to show what it is doing. Inserting `printf("The input is %s.\n", input);` after the `scanf` would have revealed the problem.

Eric Postpischil
  • So what should I place there instead of %s? – Swapnil Sep 07 '22 at 11:09
  • OK, I'm trying now. – Swapnil Sep 07 '22 at 11:11
  • It's only printing Try lol – Swapnil Sep 07 '22 at 11:13
  • So now what should I do to correct this input? – Swapnil Sep 07 '22 at 11:14
  • Thanks man, it's solved now. I have used the gets function instead of scanf. – Swapnil Sep 07 '22 at 11:20
  • 1
    @Swapnil: Do not use `gets`; it is obsolete. Use `fgets(input, sizeof input, stdin)`. – Eric Postpischil Sep 07 '22 at 11:22
  • 1
    @Swapnil: You may want to read this: [Why is the gets function so dangerous that it should not be used?](https://stackoverflow.com/q/1694036/12149471) I suggest that you use [`fgets`](https://en.cppreference.com/w/c/io/fgets) instead. However, as already mentioned in the answer, when using `fgets`, you must take the newline character into account. You may find this useful: [Removing trailing newline character from fgets() input](https://stackoverflow.com/q/2693776/12149471). – Andreas Wenzel Sep 07 '22 at 11:34
  • I tried to use fgets; now it segfaults (core dumped). I think gets is better for the moment. – Swapnil Sep 07 '22 at 11:36
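
The fix the answer and its comments describe, as an added example that is not part of the original posts: `read_line` reads with `fgets`, strips the newline and rejects over-long lines, next to the question's `%s` read for comparison. The `read_token`, `read_line` and `granted` names and the temporary-file input are assumptions made here so both readers can be run on constructed input without a terminal.

```c
#include <stdio.h>
#include <string.h>

#define SECRET "Try to hack me"

/* The question's approach: %s stops at the first whitespace character.
   The width 99 is added here so the read cannot overrun a 100-byte buffer. */
static int read_token(FILE *in, char *buf) { return fscanf(in, "%99s", buf) == 1; }

/* The answer's approach: fgets reads the whole line, newline included.
   Returns 1 on success, 0 on EOF/error or when the line did not fit. */
static int read_line(FILE *in, char *buf, size_t size)
{
    if (fgets(buf, (int)size, in) == NULL)
        return 0;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {              /* complete line: drop the newline */
        buf[len] = '\0';
        return 1;
    }
    int c, extra = 0;                    /* no newline seen: drain the rest */
    while ((c = fgetc(in)) != EOF && c != '\n')
        extra = 1;
    return !extra;                       /* reject if characters were cut off */
}

/* Hypothetical helper: feeds constructed input through a temporary file so
   both readers can be checked without a terminal. Returns 1 if granted. */
static int granted(const char *typed, int use_fgets)
{
    char input[100] = "";
    FILE *in = tmpfile();
    if (in == NULL)
        return 0;
    fputs(typed, in);
    rewind(in);
    int ok = use_fgets ? read_line(in, input, sizeof input)
                       : read_token(in, input);
    fclose(in);
    return ok && strcmp(SECRET, input) == 0;
}

int main(void)
{
    printf("scanf %%s: %d, fgets: %d\n", granted("Try to hack me\n", 0),
           granted("Try to hack me\n", 1));
    return 0;
}
```

In a real program, pass `stdin` and `sizeof input` to `read_line`; the size argument must be the size of the array, not of a pointer to it.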