1. Consider the following C-code fragment:

int main(int argc, char *argv[]){

char passwd[8];

int continue = 0;

strcpy(passwd, argv[1]);

if(strcmp(passwd, CS3750) == 0)

continue = 1;

if(continue)

login(); /* a method that logs in the user */

}

Note: In C, * indicates a pointer, which behaves similarly to a reference in Java. Therefore, char *argv[] indicates argv as an array of pointers (references to memory addresses) to characters.

(i) Explain how an attacker can achieve buffer-overflow attack with reference to the variables passwd[] and continue. [5 points]

(ii) Explain the ideal ordering of the memory cells (assuming memory addresses increases from left to right) that correspond to these two variables so that this attack can be avoided