C validating input char
I would like to take in an input from the user that's supposed to be a number.
I want to validate the input, and if it's not a number prompt the user to try again. I'm thinking I will need to take the input as a string, and check to make sure it is only one numerical digit. My question is this: How do I check to see if it's longer than one character, and whether or not it is a number. I've done a Google search for "string parsing C" and the results showed me how to use a delimiter to break a string up, and maybe there is a way to use strtok to break off just the first character and discard the rest, but I didn't see anything showing me that. FAQ If you are allowed to use scanf, you could just use that.
More importantly, can any untrusted data be used to manipulate the application or the underlying system in a way that has security implications?
" C and C do not perform array-bounds checking, which turns out to be a security-critical issue, particularly in handling strings.
Oh, and if you do use %s, then you should specify the field width to avoid buffer overflow.
I get maybe two dozen requests for help with some sort of programming or design problem every day.
In this recipe, we won't even focus so much on why buffer overflows are such a big deal.
Nearly every active attack out there is the result of some kind of input from an attacker.
For example, cryptography and a strong authentication protocol can help prevent attackers from capturing someone's login credentials and sending those credentials as input to the program.
If this entire cookbook focuses primarily on preventing malicious inputs, then why do we have a chapter of recipes specifically devoted to this topic?
One thing we really care about is this: "What does our application do with that data?
In particular, does the program take data that should be untrusted and do something potentially security-critical with it?