Question: 2. Consider the following C code fragment: 1 int 2 main(int argc, char **argv) 3 { 4 5 int n; n = 6 7 if
2. Consider the following C code fragment: 1 int 2 main(int argc, char **argv) 3 { 4 5 int n; n = 6 7 if (argc 2) 8 foobar (argv[1]); 9 else exit (1); 10 11 printf("Hey! %s, nice to meet ya (%d) ", argv[1], n); 12 13 exit (n); 14 } 15 16 int 17 foobar(char *arg) 18 { 19 20 char msg [512]; 21 22 memset(msg, 0, sizeof(msg)); 23 24 strcpy(msg, "Hey! "); 25 26 snprintf(msg + strlen ("Hey: "), I 27 sizeof (msg) strlen ("Hey! ") 1, arg); 28 29 strlen(msg); 30 } return a. Give a thorough description of the program's vulnerability. In particular, name the vulnerability (1 mark) and provide a detailed overview of its exploitation (3 marks). Then, identify and explain thoroughly all the components that are involved in the exploit (4 marks). [8 marks] b. How would an attacker exploit the vulnerability? Hint: describe in detail what the injection vector would look like (and what retaddr and retloc the attacker may use). Use symbolic values and addresses when needed (no need to write down the shellcode). [10 marks] c. Would bounds checkers mitigate the vulnerability (1 mark)? Explain clearly the reasons (1 mark). [2 marks] d. Would StackGuard mitigate the vulnerability (1 mark)? Explain clearly the reasons (2 marks). [3 marks] e. How can the program be fixed? [2 marks]
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help