Question
1) Analyze and compare the results of the images above
2) Modify the programs according to the results above
3) List the functions you corrected and how you corrected them
[Screenshot: terminal output of a source-code security scan of test.c, run as student@ubuntu]

Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.

test.c:35: High: syslog
test.c:36: High: syslog
test.c:38: High: syslog
Truncate all input strings to a reasonable length before passing them to this function

test.c:45: High: fixed size local buffer
test.c:46: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

test.c:49: High: mbscpy
Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.

test.c:52: High: lstrcat
Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.

test.c:55: High: strncat
test.c:56: High: strncat
Consider using strlcat() instead.

test.c:55: High: strncat
test.c:56: High: strncat
Check to be sure that argument 1 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.

test.c:75: High: CreateProcess
Many program execution commands under Windows will search the path for a program if you do not explicitly specify a full path to the file. This can allow trojans to be executed instead. Also, be sure to specify a file extension, since otherwise multiple extensions will be tried by the operating system, providing another opportunity for trojans.

test.c:91: High: getopt_long
Truncate all input strings to a reasonable length before passing them to this function

test.c:73: Medium: SetSecurityDescriptorDacl
If the third argument, pDacl, is NULL there is no protection from attack. As an example, an attacker could set a Deny All to Everyone ACE on such an object.