Homework Solution: In information security, a buffer overflow involving a local variable can cause a program to overwrite memory be…

    In information security, a buffer overflow involving a local variable can cause a program to overwrite memory beyond the buffer’s allocated space in the stack, which can have dangerous consequences. In a stack-based buffer overflow, an attacker could overwrite local variables adjacent in memory to the buffer, which could result in unexpected behaviour. An example of a C program that has a stack buffer overflow vulnerability is shown in the code fragment: #include int main(int argc, char * argv[]) { //Create a buffer on the stack char buf[256]; //Does not check length of buffer before copying argument strcpy(buf,argv[1]); //Print the content of the buffer printf(“%sn”,buf); return 1; } Rewrite the code to fix the buffer overflow flaw in this code fragment. Explain your idea.

    Expert Answer

     
    I will start explaining with a small example how

    In instruction deposit, a buffer redundancy involving a topical unsteady can account a program to overwrite recollection past the buffer’s perfectocated immeasurableness in the stack, which can own dangerous consequences. In a stack-based buffer redundancy, an attacker could overwrite topical unsteadys neighboring in recollection to the buffer, which could upshot in unlocked-restraint behaviour. An model of a C program that has a stack buffer redundancy insecurity is shown in the rule chip:

    #include int deep(int argc, char * argv[])

    { //Create a buffer on the stack char buf[256];

    //Does referable impede protraction of buffer anteriorly copying argument

    strcpy(buf,argv[1]);

    //Print the full of the buffer

    printf(“%sn”,buf);

    return 1;

    }

    Rewrite the rule to establish the buffer redundancy daub in this rule chip. Explain your proposal.

    Expert Response

     

    I succeed set-out explaining with a slender model how buffer redundancy works. I succeed set-out the proceeding with the concept of password validation on twain the server as well-behaved-behaved as the client verge.Here we go,

    1. Consider a proviso where you own perfectocated 50 bytes on body recollection enjoy attached adown char *pt =(char *) malloc (50);
    • Now if you set-out communication something enjoy this pt[50] = ‘a’;
    • This may direct to jar in most of the cases beaccount the pointer is referable at perfect perfectowed to advent body recollection that does referable appertain to the pointer.

    2. Consider another scenario in which you succeed probe to glut the buffer past it’s fullest calibre.So we siege, char buf[50] ={0};

    • Now strcpy(buf,”This succeed redundancy the Buffer”);

    Now ,the rule restraint the model of the buffer overlow:

    main.c

    #include <stdio.h>
    #include <string.h>

    int deep(void)
    {
    char buf[15];
    int pswd = 0;

    printf(“n Enter the password : n”);
    gets(buf);

    if(strcmp(buf, “akshaybisht”))
    {
    printf (“n Wrong Password n”);
    }
    else
    {
    printf (“n Correct Password n”);
    pswd = 1;
    }

    if(pswd)
    {
    /* Rise or admin hues to user are granted*/
    printf (“n Rise privileges attached to the user n”);
    }

    return 0;
    }

    Hence, in this rule if the password is inexact then so the user succeed attain the rise priviliges. The deduce subsequently this is that the attains() exercise does referable boundary the user to impede the rank limit and if the attacker comes to understand encircling the buffer redundancy insecurity in the rule he/she succeed construct advent to the arrangement outside authenticating.

    You can beware the output as adown: