Computer Security question..... Consider the following C code: 1 void greet{char

Question

Computer Security question.....

Consider the following C code: 1 void greet{char *arg) { 2 char buffer (16]: 3 printf("I am the Senate. What is your name? *): 4 scanf("%s", buffer): 5 printf("It's treason then, %s " buffer): 6 } 7 8 int main(int argc char *argv[]) { 9 char beg [6] = 'Kenobi': 10 char end [9] = 'maybe not?': 11 strncat(beg, end, 5): 12 greet(argv[1]): 13 return 0: 14 } What is the line number that has a memory vulnerability and what is this vulnerability called? Just before the program executes line 4, the registers are: %esp: 0xBFFFFB20 %ebp: 0xBFFFFB48 Given this information, describe in detail how an attacker would take advantage of the vulnerability. Also make sure to include the address that the attacker needs to over-write. (Maximum 5 sentences) What would you change to fix the problem in part 1? Given the code as is, would stack canaries prevent exploitation of this vulnerability? Why or why not?

Explanation / Answer

Answer:1

The line no. "11" having the memory vulnerability because "beg" is a charcter array of 6 element, but in line no. 11 we are trying to add 5 more charcter in "beg" which is not possible. And this vulnerability will be called as Out of Memory vulnerability.

Answer:3

For fixing the problem we can dynamically allocate memory the array rather than providing static memory.

Answer:4

Yes, stack canaries prevent the exploitation of this vulnerability. It will take care of the stack buffer overflow or stack buffer overrun problem. Here in this case the program is trying to write to a memory address that is outside the data structure. This case will be handled by the stack canaries

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.