Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

information security question. Thank you Let us consider the following program, where the copy function is a (naive) attempt to protect the execution against buffer

information security question. Thank you image text in transcribed
image text in transcribed
Let us consider the following program, where the copy function is a (naive) attempt to protect the execution against buffer overflow vulnerabilities: void copy(char b[], int 1){ // b is a string and 1 is its length char t(16) ; // 16 bytes int ok; // 4 bytes if (1 > 15) ok = 0; else ok = 1; strcpy(t, b); // copy b into t if (ok==0) { // a buffer overflow did occur in t printf("a buffer overflow occured!"); exit(0); } else // t contains no more than 15 characters (no overflow) foo(t); int main() { char buf (24); scanf("%s", buf); // read a string value from the user into buf copy (buf, strlen(buf)); // strlen(buf) is the number of characters in buf return 0; (a) This program is not secure : there exists a user input allowing to call foo with an array argument t containing more than 15 characters. Give an example of such input. (b) Give two examples of "protections" (either code-level, compiler-level or execution platform-level) that may detect/prevent this kind of code weakness (i.e., unsafe buffer copy function)

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Oracle RMAN For Absolute Beginners

Authors: Darl Kuhn

1st Edition

1484207637, 9781484207635

More Books

Students also viewed these Databases questions

Question

=+4. What do you think?

Answered: 1 week ago