Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
// Inspired by MITRE's CWE-20, demonstrative example 2
// https://cwe.mitre.org/data/definitions/20.html
#include <stdio.h>
#include <stdlib.h>
#define die(s) fprintf(stderr, s); exit(1)
int account_balance = 1000;
#define MAX_BILLS 100
int bill_stack[MAX_BILLS];
int stack_top;
int main() {
int error, amount;
for (int i = 0; i < MAX_BILLS; i++) {
bill_stack[i] = 100;
}
stack_top = 100;
printf("Please specify the amount to withdraw: \n");
error = scanf("%d", &amount);
if ( EOF == error ){
die("No integer passed: Die evil hacker!\n");
}
if (amount > account_balance) {
die("Value too large: Die evil hacker!\n");
}
int withdraw_bills = amount / 100;
while (withdraw_bills) {
bill_stack[--stack_top] = 0;
withdraw_bills--;
}
account_balance -= (amount / 100) * 100;
printf("Withdrew $%d, balance: $%d\n", amount, account_balance);
return 0;
}