stat.h file access file descriptors open() Hacking The Art of Exploitation

Question

I am working out of the 2nd edition of Jon Erickson's "Hacking: The Art of Exploitation" using a VM (virutalbox) to run the LiveCD it came with (Ubuntu 7.04). In section 0x281 "File Access", the author explains accessing files through file descriptors, as well as the open() close() read() and write() functions, using an example on pages 82-84.

The code for the simplenote.c is as follows:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <sys/stat.h>

void usage(char *prog_name,char *filename){
        printf("Usage: %s < data to add to %s>\n",prog_name,filename);
        exit(0);
}

void fatal(char *);
void *ec_malloc(unsigned int );

int main(int argc,char *argv[]){
        int fd; //file descriptor
        char *buffer,*datafile;

        buffer = (char *)ec_malloc(100);
        datafile = (char *)ec_malloc(20);
        strcpy(datafile,"/tmp/notes");

        if(argc < 2)
                usage(argv[0],datafile);

        strcpy(buffer,argv[1]);

        printf("[DEBUG] buffer   @ %p:\'%s'\n",buffer,buffer);
        printf("[DEBUG] datafile @ %p:\'%s'\n",datafile,datafile);

        strncat(buffer,"\n",1);//Add a newline on the end.

        fd = open(datafile,O_WRONLY|O_CREAT|O_APPEND,S_IRUSR|S_IWUSR);
        if(fd == -1)
                fatal("in main() while opening file");
        printf("[DEBUG] file descriptor is %d\n",fd);
        //Writing data
        if(write(fd,buffer,strlen(buffer)) == -1)
                fatal("in main() while writing buffer to file");
        //Closing file
        if(close(fd) == -1)
                fatal("in main() while closing file");

        printf("Note has been saved.\n");
        free(buffer);
        free(datafile);
}

//A function to display an error message and then exit
void fatal(char *message){
        char error_message[100];

        strcpy(error_message,"[!!]Fatal Error");
        strncat(error_message,message,83);
        perror(error_message);
        exit(-1);
}

//An error-checked malloc() wrapper function 
void *ec_malloc(unsigned int size){
        void *ptr;
        ptr = malloc(size);
        if(ptr == NULL)
                fatal("in ec_malloc() on memory allocation");
        return ptr;
}

However, when I type the following instructions stated in the book into my terminal window, it returns the following error message:

reader@hacking:~/booksrc $ gcc -o simplenote simplenote.c
In file included from /usr/include/sys/stat.h:105, from simplenote.c:6:
/usr/include/bits/stat.h:70: error: field 'st_atim' has incomplete type
/usr/include/bits/stat.h:71: error: field 'st_mtim' has incomplete type
/usr/include/bits/stat.h:72: error: field 'st_ctim' has incomplete type
simplenote.c: In function 'main':
simplenote.c:35: error: 'O-WRONLY' undeclared (first use in this function)
simplenote.c:35: error: (Each undeclared identifier is reported only once
simplenote.c:35: error: for each function it appears in.)
simplenote.c:35: error: 'O_CREAT' undeclared (first use in this function)
simplenote.c:35: error: 'O_APPEND' undeclared (first use in this function)

Here is sys/stat.h line 105:

#include <bits/stat.h>

And here is bits/stat.h lines 63-83:

#ifdef __USE_MISC
    /* Nanosecond resolution timestamps are stored in a format 
       equivalent to 'struct timespec'. This is the type used 
       whenever possible but the Unix namespace rules do not allow the 
       identifier 'timespec' to appear in the <sys/stat.h> header. 
       Therefore we have to handle the use of this header in strictly 
       standard-compliant sources special. */
    struct timespec st_atim;    /* Time of last access. */
    struct timespec st_mtim;    /* Time of last modification. */
    struct timespec st_ctim;    /* Time of last status change. */

# define st_atime st_atim.tv_sec    /* Backward compatibility */
# define st_mtime st_mtim.tv_sec
# define st_ctime st_ctim.tv_sec
#else
    __time_t st_atime;                 /* Time of last access. */
    unsigned long int st_atimensec;    /* Nscecs of last access. */
    __time_t st_mtime;                 /* Time of last modification. */
    unsigned long int st_mtimensec;    /* Nsecs of last modification. */
    __time_t st_ctime;                 /* Time of last status change. */
    unsigned long int st_ctimensec;    /* Nsecs of last status change. */
#endif

I suppose this might be of some use for the first set of issues:

C++ system file bits/stat.h suddenly breaks with "error: field 'st_atim' has incomplete type"

/usr/include/time.h

cat time.h

doesn't do anything in my terminal window.

And here is the simplenote.c main function lines 1-6, 34-35:

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <sys/stat.h>

// Opening the file
    fd = open(datafile, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR);

I'm guessing the open function problems stem from fcntl.h?

I seem to keep running into issues because of faulty code the author provided. I don't want to constantly depend on the stackoverflow community for help, so what suggestions do you have for a novice about examining and fixing these problems in the future?

Thanks.

Answer 1

^{Transferring a selection of comments into a semi-coherent answer.}

You should probably explicitly enable POSIX definitions. Add -D_XOPEN_SOURCE=700 to the command line, or #define _XOPEN_SOURCE 700 before the first #include and see if that solves anything. You should not be running into the problem though; the header should be self-contained.

Oh, but Ubuntu 7.04 is archaic…you may need to use 600 instead of 700. When was it released (when was the book published)? If it was 2009 or before, you probably need the older version (600). It's still surprising that you're seeing the error. The command line you specify doesn't contain the options that normally cause trouble ( -ansi -pedantic , for example, or -std=c99 -pedantic ). You could try using -std=gnu99 too; it might work better.

You had a similar problem recently ( gcc -o stdlib.h syntax error c Hacking the Art of Exploitation ). Did you get that resolved? It sounds as if the compilation system on the Live CD is not self-coherent, or the way you're able to use it means that it is not behaving self-coherently. Are you sure the compilation system works? It appears to be semi-defunct. Is it using the wrong headers, somehow?

I was able to resolve the previous problem by inserting #include <stdint.h> before #include <stdlib.h>

I will try the -D_XOPEN_SOURCE=600 and get back to you. Something must be wrong with the compilation system.

Well, you might need to include <time.h> (or possibly <sys/time.h> ) before <sys/stat.h> , but the <sys/stat.h> header is broken if that works. And the <stdlib.h> header is broken if you have to include <stdint.h> before including it. I suppose Ubuntu 7.04 could be so old that you're supposed to #include <sys/types.h> before many of these headers, but that's still not an excuse for <stdlib.h> ; that should be self-contained. POSIX 1997 required #include <sys/types.h> before <sys/stat.h> ; POSIX 2004 did not. And I don't think Ubuntu 7.04 is quite that old.

Note, though, that the st_atim member is new; it was added to POSIX 2008 (and hence is in POSIX 2013). It was just st_atime before (and st_atime is now a macro for st_atim.tv_sec ).

Including the -D_XOPEN_SOURCE=600 dealt with the bits stat issue. Ubuntu 7.04 was released in 2007 and the 2nd edition of the book that I am using came out in 2008. Also, not sure if this is of use, but in another previous example that included both <stdio.h> and <string.h> (as opposed to only <stdio.h> ), the code would run fine without any intervention.

Interesting…it is going to make life interesting for you, in a way that life should not need to be interesting. (Chinese curses like "May you live in interesting times" spring to mind.) Use the -DXOPEN_SOURCE=600 option in all your compilations and keep your fingers crossed; that may well resolve most of your problems. Consider using -std=gnu99 as well, or instead. With luck, either or both of those should get you around most problems.

Answer 2

In case someone else is having the same issue with this book, I downloaded the iso file from hacking-live-1.0.iso . Created a bootable usb and all works just fine without corrupted headers or anything.