C，写系统调用，写int

Question

I found this source in Jon Erickson's book, Hacking: The Art of Exploitation ,

userid = getuid(); // get the real user ID
// Writing data
if(write(fd, &userid, 4) == -1)  // write user ID before note data
    fatal("in main() while writing userid to file");
write(fd, "\n", 1); // terminate line

I tried to compile this code, and found that on the file I write, userid (which is what I write in the code above) is not right; they just wrote strange character (I think is not important to write it here). So the problem is I am trying to pass an int to a function which required char * , because of that the result on file I want to write is false.

So this is a bug, right?

Answer 1

The write() function expects a void * for its buffer; it writes arbitrary binary data. If you need conversion to string, use printf() .

You don't show the declaration of userid , but the write() line should be written as:

if (write(fd, &userid, sizeof(userid)) != sizeof(userid))

This will detect short writes (unlikely to be a problem for an integer type) and other problems, and works correctly regardless of the type of userid . The original version of the line is arguably buggy, therefore. Otherwise, the bug seems to be in your expectations rather than the code per se.

Answer 2

No, it's not a bug, rather it's a misunderstanding on your part. The write call will just write what's in memory, the binary representation. You would need something like fprintf to get a readable version.

For example, the binary representation of 7 may be the four bytes 0, 0, 0 and 7, which are unlikely to look like the textual representation, a single byte 55 (assuming ASCII).

It's also a bad idea to hardcode type lengths like 4 for an integer since that's not portable. Better would be to use something like sizeof(userid) .