Homework Solution: In information security, a buffer overflow involving a local variable can cause a program to overwrite memory be…

    In information security, a buffer overflow involving a local variable can cause a program to overwrite memory beyond the buffer's allocated space in the stack, which can have dangerous consequences. In a stack-based buffer overflow, an attacker could overwrite local variables adjacent in memory to the buffer, which could result in unexpected behaviour. An example of a C program that has a stack buffer overflow vulnerability is shown in the code fragment:

    #include <stdio.h>
    #include <string.h>

    int main(int argc, char *argv[])
    {
        // Create a buffer on the stack
        char buf[256];
        // Does not check length of buffer before copying argument
        strcpy(buf, argv[1]);
        // Print the content of the buffer
        printf("%s\n", buf);
        return 1;
    }

    Rewrite the code to fix the buffer overflow flaw in this code fragment. Explain your idea.

    Expert Answer


    I will start explaining with a small example how buffer overflow works. I will start the process with the concept of password validation on both the server as well as the client side. Here we go,

    1. Consider a situation where you have allocated 50 bytes on heap memory like given below: char *pt = (char *) malloc(50);
    • Now if you start writing something like this: pt[50] = 'a';
    • This may lead to a crash in most of the cases because the pointer is not at all allowed to access heap memory that does not belong to the pointer.

    2. Consider another scenario in which you will try to fill the buffer beyond its full capacity. So we take, char buf[50] = {0};

    • Now strcpy(buf, "This will overflow the Buffer");

    Now, the code for the illustration of the buffer overflow:

    main.c

    #include <stdio.h>
    #include <string.h>

    int main(void)
    {
        char buf[15];
        int pswd = 0;

        printf("\n Enter the password : \n");
        gets(buf);   /* no bounds check: input longer than 14 characters overflows buf */

        if (strcmp(buf, "akshaybisht"))
        {
            printf("\n Wrong Password \n");
        }
        else
        {
            printf("\n Correct Password \n");
            pswd = 1;
        }

        if (pswd)
        {
            /* Root or admin rights are granted to the user */
            printf("\n Root privileges given to the user \n");
        }

        return 0;
    }

    Hence, in this code, if the password is wrong, the user will also get the root privileges. The reason behind this is that the gets() function does not allow the user to check the array bounds, and if the attacker comes to know about the buffer overflow vulnerability in the code, he/she will gain access to the system without authenticating.

    You can see the output as below:
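The rewrite the question asks for, added here as an example and not the answer's own code: the argument is copied into the 256-byte stack buffer only after an explicit length check, and the answer's password demo is redone the same way so the pswd flag sitting next to buf can no longer be reached by over-long input. The names safe_copy and check_password, and the choice to reject over-long input rather than silently truncate it, are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Bounded copy that refuses input that would not fit (including the NUL).
   Returns 1 on success, 0 when the input is rejected; dst is untouched on 0. */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL || dst_size == 0)
        return 0;
    len = strlen(src);
    if (len >= dst_size)
        return 0;              /* would overflow: reject instead of truncate */
    memcpy(dst, src, len + 1); /* copies the terminating NUL as well */
    return 1;
}

/* The answer's password demo, redone with a bounded copy instead of gets().
   Returns 1 only when a fitting input matches the answer's password
   "akshaybisht"; an over-long input is rejected before it can reach pswd. */
int check_password(const char *typed)
{
    char buf[15];
    int pswd = 0;

    if (!safe_copy(buf, sizeof buf, typed))
        return 0;              /* input too long for buf: treat as failure */
    if (strcmp(buf, "akshaybisht") == 0)
        pswd = 1;
    return pswd;
}

/* Fixed version of the question's program (hypothetical rewrite): checks
   argc, then copies argv[1] into the 256-byte stack buffer only if it fits. */
int main(int argc, char *argv[])
{
    char buf[256];

    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    if (!safe_copy(buf, sizeof buf, argv[1])) {
        fprintf(stderr, "argument too long (max %zu bytes)\n", sizeof buf - 1);
        return 1;
    }
    printf("%s\n", buf);
    return 0;
}
```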