-2
char * read_file(char * filename) {
  char * file_contents = malloc(4096 * sizeof(char));

  FILE * file;
  file = fopen(filename, "r");

  fread(file_contents, 4096, sizeof(char), file);
  fclose(file);

  return file_contents;
}

char * read_flag() {
  return read_file("/flag.txt");  // outside of current working directory ;)
}

int main(int argc, char* argv[]) {
  setvbuf(stdin,  NULL, _IONBF, 0);
  setvbuf(stdout, NULL, _IONBF, 0);

  char * flag = read_flag();
  char input_filename[40];

  //Current directory is /home/problem
  printf("Current working directory is: ");
  system("pwd");

  printf("Enter a filename to print the contents of the file => ");
  scanf("%39s", input_filename);

  while ((directory_entry = readdir(directory)) != NULL) {
    if (strcmp(input_filename, directory_entry->d_name) == 0) {
      printf("File contents:\n");
      printf("%s\n", read_file(input_filename));

      return 0;
    }
  }
}

I need to open a file that is outside of this directory ("/flag.txt"). I have tried something like "../" in the input to get out from this directory but it is not working. I am not sure how do i enter the filename such that it can retrieve the file that is outside of the /home/problem directory. I am currently using Ubuntu to do this. I think the idea should be using something like %s%d when i enter my input. Is this possible to use any specifier or exploit this program in order to read the entire contents?

mrflash818
  • 930
  • 13
  • 24
Y.M
  • 79
  • 1
  • 8

2 Answers2

1

You need to pass the full path to your file if it is outside the solution directory either with \\ or one /. On a windows based system this would be for example C:\\folder\\file.txt. I do not use linux currently, but it should be /home/folder/file.txt.

ats
  • 109
  • 4
  • For an absolute pathname, add a leading slash: `/home/folder/file.txt.` – joop Nov 19 '18 at 10:53
  • @joop The current directory when i execute the code is /home/problem. However the file that i want to access is outside of this directory which is ./flag.txt – Y.M Nov 19 '18 at 12:48
  • @Y.M. You can't refer to ./flag.txt without knowing the current directory, since the first part `./` means "in the current directory". So when you say it is outside `/home/problem`, and the name is `./file.txt` , noone can know where that file is. Find out which directory `flag.txt` is in. Say e.g. it is the folder `/somwhere/else/` , then you just open `/somwhere/else/flag.txt` – nos Nov 19 '18 at 13:30
0

The fopen function can fail, and you should handle that. Read fopen(3), open(2), path_resolution(7), errno(3) to understand the possible failure reasons. Details could be file system and computer specific (and could include hardware failures).

I recommend using perror(3) and exit(3) on failure (don't forget to include both <stdio.h> for perror and <stdlib.h> for exit):

FILE* file = fopen(filename, "r");
if (!file) {
    perror(filename);
    exit(EXIT_FAILURE);
}

then you'll get a meaningful error message (into stderr) on failure

My guess: your root file system (and root directory / ...) don't have a flag.txt file and you might want to retrieve what your shell understands from ~/flag.txt. Perhaps you want to retrieve it in your home directory (then build its file path, using getenv("HOME") on Linux or Unix; see this).

Read also about globbing, and glob(7).

Read also some Linux programming book, perhaps the old ALP.

Basile Starynkevitch
  • 223,805
  • 18
  • 296
  • 547
  • Why the fopen function will fail? – Y.M Nov 19 '18 at 15:45
  • There are many failure reasons. Read the various links. And since the failure is not depending upon just your program, but upon the whole system state of your entire computer, you always should handle it. You cannot reasonably predict the state of the computer running your program. I'll guess that your Linux computer don't have any `/flag.txt` (because the root directory `/` is not yours, and [hier(7)](http://man7.org/linux/man-pages/man7/hier.7.html) don't document that it should have a `flag.txt` file) – Basile Starynkevitch Nov 19 '18 at 16:52