Improved example solutions (replaces bad scanf("%s") with fgets() to tackle buffer overflow issues)

For more information refer to https://stackoverflow.com/questions/8177752/scanf-ns-a-vs-getsa

ch_3/task_13/main.c

@@ -15,24 +15,31 @@
 #include <string.h>
 
 
+/***** MACROS *****************************************************************/
+// Maximum length of strings
+#define STRING_MAX 20
+// Number of names
+#define NAMES_MAX 10
+
+
 /***** MAIN ROUTINE ***********************************************************/
 int main (void) {
     /*** Local Variables ***/
-    char name[10][20];
+    char name[NAMES_MAX][STRING_MAX];
     char input;
     
     /* Read in the 10 names */
-    for (int i=0; i<10; i++) {
+    for (int i=0; i<NAMES_MAX; i++) {
         /* Ask the user to enter the i. name */
         printf("Please enter the %d. name: ",(i+1));
         /* Read in the user's input */
-        scanf("%s",name[i]);
+        fgets(name[i],STRING_MAX,stdin);
     }
     
     /* Convert names to lower case */
-    for (int i=0; i<10; i++) {
+    for (int i=0; i<NAMES_MAX; i++) {
         int j=0;
-        while ((name[i][j]!='\0') && (j<20)) {
+        while ((name[i][j]!='\0') && (j<STRING_MAX)) {
             /* Check if character is lower case letter */
             if ((name[i][j]>='a') && (name[i][j]<='z')) {
                 /* Nothing to do */
@@ -52,10 +59,10 @@ int main (void) {
     }
     
     /* Sort the input names */
-    for (int i=0; i<9; i++) {
-        for (int j=i+1; j<10; j++) {
+    for (int i=0; i<(NAMES_MAX-1); i++) {
+        for (int j=i+1; j<NAMES_MAX; j++) {
             if(strcmp(name[i],name[j]) > 0) {
-                char temp[20];
+                char temp[STRING_MAX];
                 strcpy(temp,name[i]);
                 strcpy(name[i],name[j]);
                 strcpy(name[j],temp);
@@ -65,7 +72,7 @@ int main (void) {
     
     /* Print the sorted names */
     printf("\nThe names in sorted order:\n");
-    for (int i=0; i<10; i++) {
+    for (int i=0; i<NAMES_MAX; i++) {
         /* Print the name */
         printf("*) %s\n",name[i]);
     }
@@ -86,7 +93,7 @@ int main (void) {
     
     /* Print all names starting with the given letter */
     printf("\nAll names starting with \"%c\":\n",input);
-    for (int i=0; i<10; i++) {
+    for (int i=0; i<NAMES_MAX; i++) {
         /* Check if name starts with the given letter */
         if (name[i][0] == input) {
             /* Print the name */

ch_3/task_15/main.c

@@ -15,11 +15,16 @@
 #include <string.h>
 
 
+/***** MACROS *****************************************************************/
+// Maximum length of strings
+#define STRING_MAX 40
+
+
 /***** MAIN ROUTINE ***********************************************************/
 int main (void) {
     /*** Local Variables ***/
     char operation;
-    char rom_value1[40]="",rom_value2[40]="",rom_result[40]="";
+    char rom_value1[STRING_MAX]="",rom_value2[STRING_MAX]="",rom_result[STRING_MAX]="";
     int dec_value1=0,dec_value2=0,dec_result=0;
     int i=0,temp=0;
     /* Used for the conversion from decimal to Roman numeral */
@@ -29,7 +34,7 @@ int main (void) {
     /* Ask the user to enter the first number as Roman numeral */
     printf("Please enter the first number as Roman numeral: ");
     /* Read in the user's input */
-    scanf("%s",rom_value1);
+    fgets(rom_value1,STRING_MAX,stdin);
     
     /* Convert the first number to a decimal number */
     while ((rom_value1[i]!='\0') && (i<40)) {

ch_6/task_04/main.c

@@ -66,12 +66,12 @@ void list_add_person (person_t** head) {
     /* Ask the user to input the persons first name */
     printf("Please enter the person's first name: ");
     /* Read in the user's input */
-    scanf("%s",new->firstname);
+    fgets(new->firstname,STRING_MAX,stdin);
     
     /* Ask the user to input the persons last name */
     printf("Please enter the person's last name: ");
     /* Read in the user's input */
-    scanf("%s",new->lastname);
+    fgets(new->lastname,STRING_MAX,stdin);
     
     /* Ask the user to input the persons year of birth */
     printf("Please enter the person's year of birth: ");

ch_6/task_06/main.c

@@ -355,7 +355,7 @@ int main (void) {
     /* Ask the user to input the name of the directory */
     printf("Please enter the name of the directory to scan: ");
     /* Read in the user input */
-    scanf("%s",path);
+    fgets(path,STRING_MAX,stdin);
     
     /* Scan directory and read in the songs */
     if (songs_scan(&head,path) == 0) {

ch_6/task_07/main.c

@@ -319,7 +319,7 @@ int main (void) {
         /* Ask the user to input a number */
         printf("Please enter one of the numbers shown above: ");
         /* Read in the user's input as string */
-        scanf("%s",input);
+        fgets(input,STRING_MAX,stdin);
         /* Check if string contains a number */
         if (sscanf(input,"%d",&number) == 0) {
             /* No number found */

ch_6/task_08/main.c

@@ -425,7 +425,7 @@ int main (void) {
     /* Ask the user to input the name of the text file */
     printf("Please enter the name of the text file: ");
     /* Read in the user input */
-    scanf("%s",path);
+    fgets(path,STRING_MAX,stdin);
     
     /* (Try to) read the given text file */
     retval = list_read_textfile(&head,path);

ch_6/task_09/main.c

@@ -175,7 +175,7 @@ int main (void) {
                 /* Ask the user to input the command */
                 printf("Please enter the desired command: ");
                 /* Read in the user's input */
-                scanf("%s",command);
+                fgets(command,STRING_MAX,stdin);
                 /* (Try to) push the command on the stack */
                 ret = stack_push(&head,command);
                 /* Check if pushing was successful */

ch_6/task_10/main.c

@@ -251,7 +251,7 @@ int main (void) {
                 /* Ask the user to input the command */
                 printf("Please enter the desired string: ");
                 /* Read in the user's input */
-                scanf("%s",string);
+                fgets(string,STRING_MAX,stdin);
                 /* Ask the user to input the priority */
                 printf("Please enter the desired priority: ");
                 /* Read in the user's input */

ch_6/task_11/main.c

@@ -157,7 +157,7 @@ int main (void) {
                 /* Ask the user to input the number */
                 printf(" ... please enter the %d. value: ",(i+1));
                 /* Read in the user's input */
-                scanf("%s",temp);
+                fgets(temp,STRING_MAX,stdin);
                 /* Analyze the given string */
                 if (analyze_input(temp,curr) == VALID) {
                     /* Valid input */

ch_6/task_15/main.c

@@ -88,11 +88,11 @@ person_t *person_new (addtype_t type, person_t *child) {
     /* Ask the user to enter the person's first name */
     printf("Please enter %s's first name: ",query);
     /* Read in the user's input */
-    scanf("%s",new->firstname);
+    fgets(new->firstname,STRING_MAX,stdin);
     /* Ask the user to enter the person's family name */
     printf("Please enter %s's family name: ",query);
     /* Read in the user's input */
-    scanf("%s",new->familyname);
+    fgets(new->familyname,STRING_MAX,stdin);
     /* Initially set its Kekule number to 0 */
     new->kekule = 0;
     /* Initially set its parent pointers to NULL */

ch_7/task_05/main.c

@@ -20,6 +20,7 @@ int main (int argc, char** argv) {
     scanf("%c",&answer);
     if (answer == 'n') {
         printf("What do you want then? ");
-        scanf("%s",maoam);                                                      // scanf with "%s" implies to danger of buffer overflows
+        scanf("%s",maoam);                                                      // scanf with "%s" implies the danger of buffer overflows
+                                                                                // either use "%40s" or use fgets() 
     }
 }                                                                               // main function has return type int, but return statement is missing