0

I have a string in my function defined like ..

 char *key="anyvalue";

Now I use a linux command as ...

 $openssl dgst -md5 -hmac "anyvalue" file.txt

Now the problem is I need to carry out following task through a C function ..

Here is the code ...

  void func (char *key) {

     char *key_new=key;

     system("openssl -dgst md5 -hmac <got stuck here> file.txt");

  }

How could I pass the key value to the portion labled ??

I did this pretty simply in php. ...

   $key="somevalue"

   exec("openssl -dgst md5 -hmac $key file.txt");

Is there something similiar avaliable in C ???

If not then Please tell me any other possible way ???

Limitation :

The key has to be passed through function .

I can't take it as a C command line argument.

Edit :

I tried with this one ... but first of all I would like to mention that its a small file in a big project and warning being treated as error .. so I need to take care of them also

Here is what I did -

    char *sstring=NULL;
    sprintf(sstring, "openssl dgst -md5 -hmac \"%s\"
    -out data3.md5 data3.txt",(char *)key);
    system(sstring);

if I won't initialize then here comes the warning ..

    gcc -o hmacmd5.so -I.. -fPIC -fsigned-char -pipe -Wall 
    -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -Wnested-externs
    -Winline -Werror -g -Wcast-align -DSENDIP_LIBS=\"/usr/local/lib/sendip\"
    -shared hmacmd5.c ../libsendipaux.a ../libsendipaux.a

    cc1: warnings being treated as errors
    hmacmd5.c: In function ‘xoricv’:
    hmacmd5.c:271:9: error: ‘sstring’ is used uninitialized in this function
    make: *** [hmacmd5.so] Error 1
Improve this question
1
  • If the value of key is supplied in program input, you may be opening yourself up to security bugs. Consider: what if key is abcdef$(rm -f /etc/passwd)ghijkl ? Commented Oct 11, 2011 at 14:36

5 Answers 5

Reset to default
4

I think you are looking for sprintf:

int sprintf(char *STR, const char *FORMAT, ...);

In your case, you would use it as follows:

sprintf(some_allocated_output_string, "openssl -dgst md5 -hmac %s", key);
system(some_allocated_output_string);

EDIT:

After seeing the code you tried, I can see I didn't provide you a complete answer.

You have two choices here (assume that STRING_SIZE below is some #defined size, like 300 or something):

1) use a preallocated buffer:

char sstring[STRING_SIZE];
sprintf(sstring, "openssl -dgst md5 -hmac \"%s\" -out data3.md5 data3.txt",(char *)key);
system(sstring);

2) use malloc/free:

#include <stdlib.h>
//blah blah blah
char *sstring=NULL;
//blah blah blah
sstring = malloc(STRING_SIZE);
sprintf(sstring, "openssl -dgst md5 -hmac \"%s\" -out data3.md5 data3.txt",(char *)key);
system(sstring);
free(sstring);

I would suggest the first approach. Along with this, I would highly suggest taking care to use @pmg's suggestion of snprintf, if your compiler supports it. This would look like this:

char sstring[STRING_SIZE];
int result = 0;
result = snprintf(sstring, STRING_SIZE, "openssl -dgst md5 -hmac \"%s\" -out data3.md5 data3.txt",(char *)key);
// Perform a check on result here, in case you ran out of space.
// If result > STRING_SIZE, you need to try a larger buffer.
system(sstring);
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

+1; even better, if the OP has a C99 compiler, is snprintf.
I strongly agree. Safer is better, especially when it comes to buffers. sprintf just came to the fingers first... old habits and all that ;^)
@UditGupta Can you post the code you tried, and I'll see if I can steer you in the right direction?
3

You should learn to use the openssl API instead of invoking command lines.

Failing that, you need to use system, not fork.

Improve this answer

1 Comment

+1 for redirecting to the OpenSSL API.
2

If you want to write the character " inside a C string, you could write it with \"

So, you write

system("openssl dgst -md5 -hmac \"key\" file.txt");

If you key is not a constant, you should use snprintf

Something like this:

char buffer[/*enough size*/];
snprintf(buffer, /*the size*/, "openssl dgst -md5 -hmac \"%s\" file.txt", key);

And after

system(buffer);
Improve this answer

4 Comments

I think you missed the point of the question. How does he get the value of key into the string at all, let alone quoted?
string is variable .... everytime I invoke the function a new key value is passed and as I think what you have suggested is a fixed key value "key"
@UditGupta I edited the post. However, you still need to remember to use \" in the string
but how will I execute system command then ???? I need to provide this whole string as a input to system command and if I use something like char *str in place of this whole srting then how wud i add this key there ??
0

How about:

 void func (char *key) {

     char *cmd = "openssl -dgst md5 -hmac ";
     char *fullmsg = _malloc( strlen(key) + strlen(cmd) );
     if (fullmsg != NULL) {
       sprintf_s( fullmsg, sizeof(fullmsg), "%s%s", cmd, key );
       system( fullmsg );
       free( fullmsg );
     } // else out of memory

  }
Improve this answer

1 Comment

Ah, that may only be available in Microsoft's C compiler. Use sprintf() instead then, just ensure you don't overrun the buffer.
0

Another alternative:

void func(char * key)
{
    char cmd[255] = "openssl dgst -md5 -hmac ";
    assert(sizeof cmd > strlen(cmd) + strlen(key));
    strcpy(cmd, key);
    system(cmd);
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.