Extra Secure Coding Exercise
Q: What will be printed by this program on the console? Explain why.

Ans: Buffer overflow. s.name is allocated 8 bytes, while the input string “ ” passed to sprintf is larger than that.

Q: What are the vulnerabilities in this program?

Ans: (1) Before strlen, there is no null-pointer check; s could be null. (2) Before sprintf, there is no bounds check on the input string.

Q: What are the vulnerabilities in this program?

Ans: (1) The gets function does not limit the input size. (2) A buffer over-read will be triggered, as the size of message is much smaller than the size of buffer.

Q: What are the vulnerabilities in this program?

Ans: This program would leak data from memory if the read() system call does not return the expected BLOCK_SIZE.
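The exercise program itself is not reproduced on this page, so the following is an added illustration of the short-read leak described in the answer, not the original code. The function names, the value of BLOCK_SIZE, the pipe used to force a short read, and the 'S' filler standing in for stale memory are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BLOCK_SIZE 16   /* constructed value; the page only names BLOCK_SIZE */

/* Unsafe: ignores how many bytes read() actually delivered and always
 * forwards BLOCK_SIZE bytes, so stale buffer contents go out too. */
static ssize_t forward_unsafe(int in_fd, char *buf, char *out) {
    if (read(in_fd, buf, BLOCK_SIZE) < 0)
        return -1;
    memcpy(out, buf, BLOCK_SIZE);
    return BLOCK_SIZE;
}

/* Safe: forwards exactly the n bytes that read() returned. */
static ssize_t forward_safe(int in_fd, char *buf, char *out) {
    ssize_t n = read(in_fd, buf, BLOCK_SIZE);
    if (n < 0)
        return -1;
    memcpy(out, buf, (size_t)n);
    return n;
}

/* Feeds a 5-byte message through a pipe into a buffer that still holds
 * constructed "old" data, then counts stale bytes present in the output. */
static int leaked_bytes(int use_safe) {
    char buf[BLOCK_SIZE], out[BLOCK_SIZE];
    int fds[2], leaked = 0;
    memset(buf, 'S', sizeof buf);   /* stale data left by an earlier use */
    memset(out, 0, sizeof out);
    if (pipe(fds) != 0 || write(fds[1], "hello", 5) != 5)
        return -1;
    close(fds[1]);
    ssize_t sent = use_safe ? forward_safe(fds[0], buf, out)
                            : forward_unsafe(fds[0], buf, out);
    close(fds[0]);
    for (ssize_t i = 0; i < sent; i++)
        leaked += (out[i] == 'S');
    return leaked;
}

int main(void) {
    printf("unsafe leaks %d bytes, safe leaks %d bytes\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

Where a full block is required, call read() in a loop until BLOCK_SIZE bytes have arrived or it returns 0.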
