Question
1. Consider the following C-code fragment:
int main(int argc, char *argv[]){
    char passwd[8];
    int continue = 0;
    strcpy(passwd, argv[1]);
    if(strcmp(passwd, "CS3750") == 0)
        continue = 1;
    if(continue)
        login(); /* a method that logs in the user */
}
Note: In C, * indicates a pointer, which behaves similarly to a reference in Java. Therefore, char *argv[] indicates argv as an array of pointers (references to memory addresses) to characters.
(i) Explain how an attacker can achieve a buffer-overflow attack with reference to the variables passwd[] and continue. [5 points]
(ii) Explain the ideal ordering of the memory cells (assuming memory addresses increase from left to right) that correspond to these two variables so that this attack can be avoided.
Explanation / Answer
i) The attacker can achieve buffer overflow under the following conditions.
When the given input string value of the passwd[] variable is greater than 8.
Example:
strcpy(buff,"The value we are taking is going to create overflow");
The above overflow occurs because strcpy() is going to copy a string whose size is more than the size of buff.
In the above program, continue is an integer type.
If the attacker has a reference to continue and has given an out-of-range integer value, then overflow occurs.
Example:
The range of an unsigned integer in a 16-bit compiler is 0 to 65535.
If the value of continue is given as more than 65535 or less than 0, then overflow occurs.
ii) In the above program, we can prevent overflow in passwd[] by
using strcpy(passwd, argv[1],8);
Here strcpy takes only 8 characters and will not take characters from the input above 8.
Similarly, if the reference to continue is given, then we have to check the same conditions, whether the given value is in the range of an integer or not.
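Added example, not part of the original question or answer: a C model of the fragment's two variables that shows how the relative placement of passwd[] and the flag decides whether an over-long copy reaches the flag, next to a length-checked version of the comparison. The names flag_after_unchecked_copy, check_password and REGION are assumptions made for this sketch, and the two variables are modelled as one byte array so the effect can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define PASSWD_LEN 8
#define REGION (PASSWD_LEN + sizeof(int))

/* Constructed model: passwd[8] and the int flag share one REGION-byte array,
 * so the out-of-bounds write is observable without undefined behaviour.
 * Returns 1 if the flag reads non-zero after an unchecked strcpy-style copy. */
static int flag_after_unchecked_copy(size_t passwd_off, size_t flag_off,
                                     const char *input)
{
    unsigned char mem[REGION] = {0};
    int flag = 0;
    size_t n = strlen(input) + 1;      /* strcpy copies the NUL too */

    if (n > REGION - passwd_off)       /* clamp to the model only; a real */
        n = REGION - passwd_off;       /* strcpy keeps writing past this  */
    memcpy(mem + passwd_off, input, n);
    memcpy(&flag, mem + flag_off, sizeof flag);
    return flag != 0;
}

/* Hardened check: reject input that does not fit, NUL included. */
static int check_password(const char *input)
{
    char passwd[PASSWD_LEN];
    size_t len;
    if (input == NULL || (len = strlen(input)) >= sizeof passwd)
        return 0;
    memcpy(passwd, input, len + 1);
    return strcmp(passwd, "CS3750") == 0;
}

int main(void)
{
    const char *too_long = "AAAAAAAAAAAA";   /* constructed 12-byte input */
    /* flag directly above passwd: the copy runs into it */
    printf("flag above buffer: %d\n",
           flag_after_unchecked_copy(0, PASSWD_LEN, too_long));
    /* flag below passwd: the copy moves away from it (it still damages
     * whatever else sits above the buffer in a real frame) */
    printf("flag below buffer: %d\n",
           flag_after_unchecked_copy(sizeof(int), 0, too_long));
    printf("hardened, long input: %d\n", check_password(too_long));
    printf("hardened, CS3750: %d\n", check_password("CS3750"));
    return 0;
}
```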