Homework Solution: In information security, a buffer overflow involving a local variable can cause a program to overwrite memory be…

    In information security, a buffer overflow involving a local variable can cause a program to overwrite memory beyond the buffer’s allocated space in the stack, which can have dangerous consequences. In a stack-based buffer overflow, an attacker could overwrite local variables adjacent in memory to the buffer, which could result in unexpected behaviour. An example of a C program that has a stack buffer overflow vulnerability is shown in the code fragment: #include int main(int argc, char * argv[]) { //Create a buffer on the stack char buf[256]; //Does not check length of buffer before copying argument strcpy(buf,argv[1]); //Print the content of the buffer printf(“%sn”,buf); return 1; } Rewrite the code to fix the buffer overflow flaw in this code fragment. Explain your idea.

    Expert Answer

     
    I will start explaining with a small example how

    In instruction guarantee, a buffer deluge involving a national fickle can action a program to overwrite perpetuation further the buffer’s wholeocated distance in the stack, which can possess dangerous consequences. In a stack-based buffer deluge, an attacker could overwrite national fickles nigh in perpetuation to the buffer, which could product in sudden behaviour. An issue of a C program that has a stack buffer deluge exposure is shown in the regulation driblet:

    #include int deep(int argc, char * argv[])

    { //Create a buffer on the stack char buf[256];

    //Does referable cohibit diffusiveness of buffer precedently mimicking argument

    strcpy(buf,argv[1]);

    //Print the contenteded of the buffer

    printf(“%sn”,buf);

    return 1;

    }

    Rewrite the regulation to tie the buffer deluge defect in this regulation driblet. Explain your subject.

    Expert Counter-argument

     

    I conquer begin explaining with a trivial issue how buffer deluge works. I conquer begin the act with the concept of password validation on twain the server as polite as the client laterality.Here we go,

    1. Consider a state where you possess wholeocated 50 bytes on bulk perpetuation affect ardent under char *pt =(char *) malloc (50);
    • Now if you begin answerableness referableability affect this pt[50] = ‘a’;
    • This may bring to clang in most of the cases beaction the pointer is referable at whole wholeowed to appropinquation bulk perpetuation that does referable appertain to the pointer.

    2. Consider another scenario in which you conquer examine to supply the buffer further it’s fullest tonnage.So we transfer, char buf[50] ={0};

    • Now strcpy(buf,”This conquer deluge the Buffer”);

    Now ,the regulation coercion the issue of the buffer overlow:

    main.c

    #include <stdio.h>
    #include <string.h>

    int deep(void)
    {
    char buf[15];
    int pswd = 0;

    printf(“n Enter the password : n”);
    gets(buf);

    if(strcmp(buf, “akshaybisht”))
    {
    printf (“n Wrong Password n”);
    }
    else
    {
    printf (“n Correct Password n”);
    pswd = 1;
    }

    if(pswd)
    {
    /* Radix or admin hues to user are granted*/
    printf (“n Radix privileges ardent to the user n”);
    }

    return 0;
    }

    Hence, in this regulation if the password is loose then to-boot the user conquer obtain the radix priviliges. The conclude following this is that the obtains() character does referable season the user to cohibit the marshal limit and if the attacker comes to perceive environing the buffer deluge exposure in the regulation he/she conquer fashion appropinquation to the plan outside authenticating.

    You can understand the output as under: