Category Archives: Broken Code

Broken Code – Part 4

Posted on 12. June 2010 by Thomas Roth

Today I found this lines of code: char var[9]; /* Some initialization of var… */ strcat(var, ‘\0′); Any ideas what this was meant to do? Update: Because I got some feedback telling me that this code is right, I’ve written … Continue reading

Posted in Broken Code | Tagged , | 1 Comment

Broken Code – Part 3

Posted on 14. April 2010 by Thomas Roth

Language: C This snippet of code is out of a closed source web application which is, according to the authors, ‘very secure because it was not written in PHP’: /* The integers szPrm1 and szPrm2 were used somewhere above this … Continue reading

Posted in Broken Code | Tagged , , , | 4 Comments

Broken Code – Part 2

Posted on 12. April 2010 by Thomas Roth

Language: PHP This is a snippet which I found in a relatively large commercial (closed source) web application some time ago: foreach($_REQUEST as $key => $value){eval("\$".$key."=\"".$value."\";");} A little bit cleaner: foreach($_REQUEST as $key => $value) {     eval("\$".$key."=\"".$value."\";"); } … Continue reading

Posted in Broken Code | Tagged , , | 5 Comments

Broken Code – Part 1

Posted on 12. April 2010 by Thomas Roth

Language: C I just found something like the following in a commercial enterprise C project: char var = ‘N’; (void)scanf("%s", &var); fflush(stdin); My first thought when I looked at the code was like “What the f**k?“, as the coder did … Continue reading

Posted in Broken Code | Tagged , , | 2 Comments