Question: I know that the following C program is vulnerable to a buffer overflow attack based on its use of strcpy and because the array buffer

I know that the following C program is vulnerable to a buffer overflow attack based on its use of strcpy and because the array "buffer" can hold at most 99 characters and the null terminator. Despite this, I am unsure how to eliminate the issue of buffer overflow. Should I be restricting the input from the user somehow to allow only a certain amount of characters? Any help is greatly appreciated, thank you.

#include <stdio.h>
#include <string.h>

/* Vulnerable as posted: strcpy copies arg into buffer with no length check. */
void bufferOverflow(char *arg)
{
    char buffer[100];
    strcpy(buffer, arg);

    if (strcmp(buffer, "Option") == 0 || strcmp(buffer, "option") == 0) {
        printf(" bufferOverflow: overflow [Option] ");
        printf("Option (option) : Displays this message. ");
    } else {
        printf(" Unknown Command: \"%s\" ", buffer);
    }
}

int main (int argc, char **argv)
{
    if (argc == 2) {
        bufferOverflow(argv[1]);
    } else {
        printf(" This program expects an argument. ");
    }

    return 0;
}
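One way to remove the overflow, shown as an added example that is not part of the original question: check the argument's length against the 100-byte buffer and reject it before any copy happens, rather than silently truncating. The names copy_bounded, handle_arg and BUF_SIZE are hypothetical and introduced only for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 100 /* same capacity as buffer[100] in the question */

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 on NULL or over-long input (dst left empty). */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    size_t len = strlen(src);   /* argv strings are NUL-terminated */
    if (len >= dst_size)        /* no room for len bytes plus '\0' */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hypothetical hardened counterpart of bufferOverflow().
 * Returns 1 for "Option"/"option", 0 for any other command, -1 if rejected. */
int handle_arg(const char *arg)
{
    char buffer[BUF_SIZE];

    if (copy_bounded(buffer, sizeof buffer, arg) != 0) {
        fprintf(stderr, "Argument rejected: at most %d characters allowed.\n",
                BUF_SIZE - 1);
        return -1;
    }
    if (strcmp(buffer, "Option") == 0 || strcmp(buffer, "option") == 0) {
        printf("Option (option) : Displays this message.\n");
        return 1;
    }
    printf("Unknown Command: \"%s\"\n", buffer);
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        printf("This program expects an argument.\n");
        return 1;
    }
    return handle_arg(argv[1]) < 0 ? 1 : 0;
}
```

Rejecting over-long input keeps the string comparison honest: a truncating copy would let a 200-character argument be compared as if it were its first 99 characters.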
