software security Read the following code snippet named vuln.c. Answer the follo

Question

software security Read the following code snippet named vuln.c. Answer the following questions. Note that we assume one can read the source code and execute the code. i.e., vuln.exe. However, one cannot modify the source code or recompile the source code. a. Identify the statements) that contain(s) software vulnerability. b. Is it possible to invoke the function secretFunction (Yes/No)? c. If you choose "Yes" to the question b. please specify the steps to invoke the function Assuming you can use objdump to access necessary machine code. If you choose "No" to the question b, please specify why the function cannot be invoked.//vuln.c # include void secretFunction[]{printf ("Congratulations! "); printf("You have entered in the secret function! ");} void echo() {char buffer [20]; printf ("Enter some text: "); scanf("%s", buffer); printf ("You entered: %s ", buffer);} int main() {echo(); return 0;}

Explanation / Answer

a.) Software vulnerability statements are:

1. char buffer[20];

2. scanf("%s",buffer);

3. definition of function secretFunction wihtout declaration

b.) Yes, it is possible to invock

c.)

int main(){

secretFunction ();

return 0;

}

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.