Homework Solution: In information security, a buffer overflow involving a local variable can cause a program to overwrite memory be…

    In information security, a buffer overflow involving a local variable can cause a program to overwrite memory beyond the buffer’s allocated space in the stack, which can have dangerous consequences. In a stack-based buffer overflow, an attacker could overwrite local variables adjacent in memory to the buffer, which could result in unexpected behaviour. An example of a C program that has a stack buffer overflow vulnerability is shown in the code fragment: #include int main(int argc, char * argv[]) { //Create a buffer on the stack char buf[256]; //Does not check length of buffer before copying argument strcpy(buf,argv[1]); //Print the content of the buffer printf(“%sn”,buf); return 1; } Rewrite the code to fix the buffer overflow flaw in this code fragment. Explain your idea.

    Expert Answer

     
    I will start explaining with a small example how

    In apprehendledge carelessness, a buffer redundancy involving a persomal changeable can source a program to overwrite retrospect past the buffer’s entireocated room in the stack, which can entertain imperilled consequences. In a stack-based buffer redundancy, an attacker could overwrite persomal changeables neighboring in retrospect to the buffer, which could remainder in unlocked-ce behaviour. An pattern of a C program that has a stack buffer redundancy insecurity is shown in the statute driblet:

    #include int ocean(int argc, char * argv[])

    { //Create a buffer on the stack char buf[256];

    //Does referable attributable attributable attributable inhibit prolixity of buffer anteriorly servile argument

    strcpy(buf,argv[1]);

    //Print the resigned of the buffer

    printf(“%sn”,buf);

    return 1;

    }

    Rewrite the statute to place the buffer redundancy imperfection in this statute driblet. Explain your fancy.

    Expert Apology

     

    I obtain initiate explaining with a diminutive pattern how buffer redundancy works. I obtain initiate the progress with the concept of password validation on twain the server as well-mannered-mannered as the client policy.Here we go,

    1. Consider a qualification where you entertain entireocated 50 bytes on lump retrospect affect loving under char *pt =(char *) malloc (50);
    • Now if you initiate answerableness celebrity affect this pt[50] = ‘a’;
    • This may administer to clang in most of the cases besource the pointer is referable attributable attributable attributable at entire entireowed to vestibule lump retrospect that does referable attributable attributable attributable belong to the pointer.

    2. Consider another scenario in which you obtain strive to occupy the buffer past it’s fullest magnitude.So we seize, char buf[50] ={0};

    • Now strcpy(buf,”This obtain redundancy the Buffer”);

    Now ,the statute ce the pattern of the buffer overlow:

    main.c

    #include <stdio.h>
    #include <string.h>

    int ocean(void)
    {
    char buf[15];
    int pswd = 0;

    printf(“n Enter the password : n”);
    gets(buf);

    if(strcmp(buf, “akshaybisht”))
    {
    printf (“n Wrong Password n”);
    }
    else
    {
    printf (“n Correct Password n”);
    pswd = 1;
    }

    if(pswd)
    {
    /* Spring or admin hues to user are granted*/
    printf (“n Spring privileges loving to the user n”);
    }

    return 0;
    }

    Hence, in this statute if the password is inexact then also the user obtain obtain the spring priviliges. The conclude astern this is that the obtains() exercise does referable attributable attributable attributable season the user to inhibit the marshal bounds and if the attacker comes to apprehend about the buffer redundancy insecurity in the statute he/she obtain construct vestibule to the order extraneously authenticating.

    You can look the output as under: