Examine the line management routines in this dir. It handles any number of lines

Question

Examine the line management routines in this dir. It handles any number of lines (or queues), and returns a pointer to the line that is created. The header file (queueHeader.h) and the line manager (queueManager.c) are below.

A. Write a main driver, lineMain.c and exercise these functions to get a feel for it.

B. Analyze the code given and explain clearly any four vulnerabilities, each description of about 5 or 6 sentences. Each vulnerability has to be a very specific problem, not something general like buffer overflow etc.

C. For any ONE vulnerability, write an exploit, mainExploit.c; exploit code should be readable and well-documented, else you get 0 (do NOT crash program). D. For any ONE vulnerability, describe how you may fix it; however, NO need to provide the code for actual fix.

---------------

//queueHeader.h

/* * line Manager Header file */

/* * the queue structure */

typedef struct queue {

int *que; /* the actual array of queue elements */

int head; /* head index in que of the queue */

int count; /* number of elements in queue */

int size; /* max number of elements in queue */ } QUEUE;

/* * the library functions */

void queueManage(QUEUE **, int, int); /* create or delete a queue */

void addToQueue(QUEUE *, int); /* add to queue */

void removeFromQueue(QUEUE *, int *); /* remove from queue */

--------------- /

/queueManager.c /* * line Manager */

#include

#include

#include "queueHeader.h"

/* * create or delete a queue * * PARAMETERS: QUEUE **qptr space for, or pointer to, queue * int flag 1 for create, 0 for delete * int size max elements in queue */

void queueManage(QUEUE **qptr, int flag, int size) {

if (flag){ /* allocate a new queue */

*qptr = malloc(sizeof(QUEUE));

(*qptr)->head = (*qptr)->count = 0;

(*qptr)->que = malloc(size * sizeof(int));

(*qptr)->size = size; }

else{

/* delete the current queue */

(void) free((*qptr)->que);

(void) free(*qptr); }

}

/* * add an element to an existing queue * * PARAMETERS: QUEUE *qptr pointer for queue involved * int n element to be appended */

void addToQueue(QUEUE *qptr, int n) {

/* add new element to tail of queue */

qptr->que[(qptr->head + qptr->count) % qptr->size] = n; qptr->count++;

}

/* * take an element off the front of an existing queue * * PARAMETERS: QUEUE *qptr pointer for queue involved * int *n storage for the return element */

void removeFromQueue(QUEUE *qptr, int *n) {

/* return the element at the head of the queue */

*n = qptr->que[qptr->head++];

qptr->count--; qptr->head %= qptr->size;

}

Explanation / Answer

Ans 1. Main driver class LineMain.c

#include <stdio.h>

#include <stdlib.h>

#include "queueHeader.h"

int main(){

Queue ** queue;

int* number;

queueManage(queue,1,10);

addToQueue(&queue,10);

addToQueue(&queue,12);

addToQueue(&queue,15);

removeFromQueue(&queue,n);

return 0;

}

Ans 2. Vulnerability in the code is as follows:-

a) when we create a queue in the code i.e when we pass flag as 1 in queueManage method then there should be a check for size in queueManage method. Check should be size greater than zero. Suppose user pass negative integer as size, in that case we are passing negative value to initialize an array in malloc. At that time code might get collapse. This check will save at that situation.

b) Another Vulnerability is that we are directly try to free the memory in case of flag is zero. Suppose at the first time while queue is not created and try to free the memory which is allocated at that time then your code will collapse. So put a check whether queue has already got a memory or not. If memory is already allocated then try to free those memory, IF not then do not run the code of free the memory.

C) Another Vulnerability is that when we add a value in the queue. I think there should be a check while adding in the queue is that is queue alread full or not? If queue is not already full then try to add that element in queue and if queue is already full then first try to increase the size then add element in the queue.

D) Another Vulnerability is that when we trying to remove an element from the queue. Suppose a situation in which queue is empty and we try to remove the element from the queue which is not present in the queue. In that situation we might not get exact result what we are expecting. So put a check before removing the element from the queue whether queue is empty or not.

Ans 3. I am writing code for one vulnerability, for the situation in which we try to empty the queue:-

In that case a simple check you should add as follow:-

if((*qptr)->size>0){

(void) free((*qptr)->que);

(void) free(*qptr);

}

Ans 4. In the similar way you can add the check as i explained the reason in Answer of second question.

Related Questions

Navigate

• Browse (All)
• Browse E
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.