Question 1: Why does ASLR make buffer-overflow attack more difficult? [20 points]

Question 2: The buffer overflow example was fixed as below. Is this safe? [20point]

int bof (char *str, int size) {

char *buffer = (char *) malloc (size); strcpy (buffer, str);

return 1;

}

Question 3: [40 points]

Let us consider the following program, where the copy function is a (naive) attempt to protect the execution against buffer overflow vulnerabilities:

(a) This program is not secure : there exists a user input allowing to call foo with an array argument t containing more than 15 characters. Give an example of such input.

(b) Give two examples of protections (either code-level, compiler-level or execution platform-level) that may detect/prevent this kind of code weakness (i.e., unsafe buffer copy function).