
Question


1) Analyze and compare the results of the images above

2) Modify the programs according to the results above

3) List the functions you corrected, and how you corrected it

Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.

test.c:35: High: syslog
test.c:36: High: syslog
test.c:38: High: syslog
Truncate all input strings to a reasonable length before passing them to this function

test.c:45: High: fixed size local buffer
test.c:46: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

test.c:49: High: mbscpy
Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.

test.c:52: High: lstrcat
Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.

test.c:55: High: strncat
test.c:56: High: strncat
Consider using strlcat() instead.

test.c:55: High: strncat
test.c:56: High: strncat
Check to be sure that argument 1 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.

test.c:75: High: CreateProcess
Many program execution commands under Windows will search the path for a program if you do not explicitly specify a full path to the file. This can allow trojans to be executed instead. Also, be sure to specify a file extension, since otherwise multiple extensions will be tried by the operating system, providing another opportunity for trojans.

test.c:91: High: getopt_long
Truncate all input strings to a reasonable length before passing them to this function

test.c:73: Medium: SetSecurityDescriptorDacl
If the third argument, pDacl, is NULL there is no protection from attack. As an example, an attacker could set a Deny All to Everyone ACE on such an object.
