<div dir="ltr">OK, well the use case is actually way more complicated than your real question, so I will confine myself to the question of validation in C.<br><br>One way to do it using the standard library but without any regular expressions is this:<br>
<br> <a href="https://github.com/ecashin/testrepo/blob/master/rlhvals.c">https://github.com/ecashin/testrepo/blob/master/rlhvals.c</a><br><br> gcc -Wall rlhvals.c && ./a.out 12345 abc32 invalid<br><br> arg[1] "12345" 5-digit? yes, 5-alphanum? yes<br>
arg[2] "abc32" 5-digit? no, 5-alphanum? yes<br> arg[3] "invalid" 5-digit? no, 5-alphanum? no<span class=""></span><span class=""></span><div><br></div><div>The validation routines are,</div><div><br>
</div><div><div>#include <stdio.h></div><div>#include <stdlib.h></div><div>#include <string.h></div><div><br></div><div>static int</div><div>is_5digit(char *s)</div><div>{</div><div><span class="" style="white-space:pre"> </span>char *end;</div>
<div><br></div><div><span class="" style="white-space:pre"> </span>strtol(s, &end, 10);</div><div><span class="" style="white-space:pre"> </span>return end - s == 5;</div><div>}</div><div><br></div><div>#define DECIMAL "0123456789"</div>
<div>#define UCASE "ABCDEFGHIJKLMNOPQRSTUVWXYZ"</div><div>#define LCASE "abcdefghijklmnopqrstuvwxyz"</div><div><br></div><div>static int</div><div>is_5alphanum(char *s)</div><div>{</div><div><span class="" style="white-space:pre"> </span>return strspn(s, DECIMAL UCASE LCASE) == 5;</div>
<div>}</div></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 22, 2014 at 7:37 PM, Robert L. Harris <span dir="ltr"><<a href="mailto:robert.l.harris@gmail.com" target="_blank">robert.l.harris@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The reason for the "system" is just to see what value I'm getting out. <div><br></div><div>
I have a perl script doing a bunch of processing which will be run by a couple different users. One aspect of the perl script is to connect to another machine and run a command as a specific user. Instead of having others know the passwd, etc. I have a hostkey set up from my server as a non-privledged user to another system. I want to have the C program setuid to the non-privledged user, ssh to the second server and run 1 command with the only variable being XXXXX. More convoluted than I want but the safest method I can come up with to get just the output I need from the second server.</div>
<div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 22, 2014 at 5:31 PM, Ed Cashin <span dir="ltr"><<a href="mailto:ecashin@noserose.net" target="_blank">ecashin@noserose.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">In general, with this kind of stuff, you want to avoid using the<br>
shell, so no use of "system" or other library calls that implicitly<br>
run a shell. The reason is that most programmers cannot anticipate<br>
all the corner cases that allow unexpected things to happen when you<br>
run a shell from your C program based on user data.<br>
<br>
But this extra information is making me less certain that I'm coming<br>
up with the best feedback.<br>
<br>
Does it happen to be the case that you're using C because you want to<br>
create an executable that you will make setuid root?<br>
<br>
<br>
On Thu, May 22, 2014 at 7:12 PM, Robert L. Harris<br>
<div><div><<a href="mailto:robert.l.harris@gmail.com" target="_blank">robert.l.harris@gmail.com</a>> wrote:<br>
> My main goal is to make sure someone doesn't run this command and pass it<br>
> somethign like : "15361; rm -rf ~/*"<br>
> I will need another version where XXXXX can be any alpha-numeric character<br>
> too but the main concern is the moron doing something stupid.<br>
><br>
> Robert<br>
><br>
><br>
><br>
> On Thu, May 22, 2014 at 4:40 PM, Ed Cashin <<a href="mailto:ecashin@noserose.net" target="_blank">ecashin@noserose.net</a>> wrote:<br>
>><br>
>> I'm not at a keyboard now, but strtol could do it all if you provide a<br>
>> non-NULL end pointer. (That will make sense on reading the strtol man page.)<br>
>> Just subtract the end from the start and compare to 5,after specifying base<br>
>> ten.<br>
>><br>
>> On May 22, 2014 6:17 PM, "Robert L. Harris" <<a href="mailto:robert.l.harris@gmail.com" target="_blank">robert.l.harris@gmail.com</a>><br>
>> wrote:<br>
>>><br>
>>><br>
>>> Anyone have a very simple C program source that given a command of :<br>
>>><br>
>>> ./Validate XXXXX<br>
>>><br>
>>><br>
>>> it will verify that XXXXX is a 5 digit integer and then execute<br>
>>><br>
>>> system( "/bin/touch XXXXX");<br>
>>><br>
>>><br>
>>><br>
>>> There's much more to it but I'm hung up on this. Unfortunately I'm not a<br>
>>> C person.<br>
>>><br>
>>> Robert<br>
>>><br>
>>><br>
>>> --<br>
>>> :wq!<br>
>>><br>
>>> ---------------------------------------------------------------------------<br>
>>> Robert L. Harris<br>
>>><br>
>>> DISCLAIMER:<br>
>>> These are MY OPINIONS With Dreams To Be A King,<br>
>>> ALONE. I speak for First One Should Be A Man<br>
>>> no-one else. - Manowar<br>
>>><br>
>>> _______________________________________________<br>
>>> Ale mailing list<br>
>>> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
>>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
>>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
>>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
>>><br>
>><br>
>> _______________________________________________<br>
>> Ale mailing list<br>
>> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
>><br>
><br>
><br>
><br>
> --<br>
> :wq!<br>
> ---------------------------------------------------------------------------<br>
> Robert L. Harris<br>
><br>
> DISCLAIMER:<br>
> These are MY OPINIONS With Dreams To Be A King,<br>
> ALONE. I speak for First One Should Be A Man<br>
> no-one else. - Manowar<br>
><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
<br>
<br>
<br>
--<br>
</div></div> Ed Cashin <<a href="mailto:ecashin@noserose.net" target="_blank">ecashin@noserose.net</a>><br>
<a href="http://noserose.net/e/" target="_blank">http://noserose.net/e/</a><br>
<a href="http://www.coraid.com/" target="_blank">http://www.coraid.com/</a><br>
<div><div>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>:wq!<br>---------------------------------------------------------------------------<br>Robert L. Harris<br><br>DISCLAIMER:<br> These are MY OPINIONS With Dreams To Be A King,<br>
ALONE. I speak for First One Should Be A Man<br> no-one else. - Manowar
</div>
</div></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br> Ed Cashin <<a href="mailto:ecashin@noserose.net">ecashin@noserose.net</a>><br> <a href="http://noserose.net/e/">http://noserose.net/e/</a><br> <a href="http://www.coraid.com/">http://www.coraid.com/</a>
</div>