Project 1: The Legacy API Pitfall Lab

A small command-line program that asks for your name and a message, then prints a greeting. You will first build it using notoriously unsafe functions (gets, strcpy, sprintf) and learn to crash it. Then, you will fix it using their modern, safe counterparts.

Quick Reference

Attribute Value
Primary Language C
Alternative Languages C++ (has similar issues)
Difficulty Level 1: Beginner
Time Estimate Weekend
Knowledge Area Secure APIs / Bounds Checking
Tooling GCC/Clang, GDB
Prerequisites Basic C programming.

What You Will Build

A small command-line program that asks for your name and a message, then prints a greeting. You will first build it using notoriously unsafe functions (gets, strcpy, sprintf) and learn to crash it. Then, you will fix it using their modern, safe counterparts.

Why It Matters

This project builds core skills that appear repeatedly in real-world systems and tooling.

Core Challenges

  • Using gets() to read input → maps to learning why you should never, ever use it
  • Crashing the program with a long input string → maps to performing a basic buffer overflow
  • Replacing gets() with fgets() → maps to learning to specify buffer sizes
  • Replacing strcpy() and sprintf() with strncpy()/strlcpy() and snprintf() → maps to defensive coding against overflows

Key Concepts

  • Unsafe C Library Functions: “SEI CERT C Coding Standard” - A free, comprehensive guide.
  • Bounds Checking: “Effective C” Ch. 5 - Robert C. Seacord

Real-World Outcome

$ ./unsafe_greeter
What is your name? AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Segmentation fault (core dumped)

Implementation Guide

  1. Reproduce the simplest happy-path scenario.
  2. Build the smallest working version of the core feature.
  3. Add input validation and error handling.
  4. Add instrumentation/logging to confirm behavior.
  5. Refactor into clean modules with tests.

Milestones

  • Milestone 1: Minimal working program that runs end-to-end.
  • Milestone 2: Correct outputs for typical inputs.
  • Milestone 3: Robust handling of edge cases.
  • Milestone 4: Clean structure and documented usage.

Validation Checklist

  • Output matches the real-world outcome example
  • Handles invalid inputs safely
  • Provides clear errors and exit codes
  • Repeatable results across runs

References

  • Main guide: LEARN_C_SECURE_CODING_DEEP_DIVE.md
  • “Effective C” by Robert C. Seacord