Question: Q . 8 . ( Marks: 1 0 ) #include #include #include int foo ( char * str ) { char buffer [ 1 0

. 8 . (

Marks:

10)

#include #include #include int foo

(

char

*

str

)

{

char buffer

[100]

;

/ *

The following statement has a buffer overflow problem

* /

strcpy

(

buffer

,

str

)

; return

1

;

int main

(

int argc, char

* *

argv

)

char str

[400]

;

FILE

*

badfile;

badfile

=

fopen

("

badfile

", "

")

;

"

fread

(

str

,

sizeof

(

char

), 300,

badfile

)

;

foo

(

str

)

;

printf

("

Returned Properly

")

;

return

1

;

In the above given sample code expalin how you would perform a bufferoverflow attack. Draw a detailed diagram of position of variables placed on the stack. Finally also explain how canary based protection mechanism can be used as defense.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

In the buffer overflow example shown in the code below, the buffer overflow occurs inside the strcpy() function, so the jumping to the malicious code occurs when strcpy() returns, not when foo()...

3 points) 12 points) Run each er laptop. DO NOT Use and ints) Run each piece of code below and record the actual time le seconds) it takes. Use a desktop DO NOT use an online complier. Pay attention...

Exercise: Buffer Overflow (85 points) The Buffer Overflow vulnerability has been discovered as early as 1972, and has long been among the most critical application security flaws. It is still very...

URL Class Uniform Resource Locators (URLs) are commonly used in the world wide web as addresses for HTML web pages. URLs can be divided into distinct segments including the scheme, user, password,...

These functions are part of a simple shopping cart application where the user is asked to select items to add to their cart by item name. The program maintains a list of item names for sale and...

Here is the code in text format stringhelp.h #pragma once #ifndef STRINGHELP_H #define STRINGHELP_H #define MAX_STRING_SIZE 511 #define MAX_INDEX_SIZE 100 #define MAX_WORD_SIZE 23 struct StringIndex...

Write in C Programming for my understanding You are being asked to implement a timed quiz which stores the questions and answers in different files named quest.txt and ans.txt (Note: these are...

I need some help to correct this code Instructions The following program takes a string and builds an index of it. The index indicates the: Start of each line in the string, Start of each word in the...

fix the code import java.util.InputMismatchException; import java.util.LinkedList; import java.util.Queue; import java.util.Scanner; public class Direct { String[] strAr1 = new String[99]; int...

The railroad industry has developed a number of new types of equipment to replace the standard box car. What is the rationale supporting the diversification of equipment?

Figure CS-43 is a water pump impeller used by a major automotive parts manufacturer. The outer diameter of the component is 2.75 inches and the height is specified at 0.75 ± 0.005 inches. The...

Select the correct answer for each of the following statements. (a) In selecting the purchase of one of two machines to replace an old machine, the management of Ashworth Company should consider...

CT Corp Comprehensive Question Canadian Tire Corporation, Limited ( Canadian Tire ) is a family of companies that includes a retail segment and a financial services division, among others. The retail...

Read the research article by Collinson and Collinson (focus on research 9.1) and discuss which you believe to be the most appropriate of the four different courses of action.

Obtain a copy of Honey and Mumfords Learning Style Analysis and identify which grouping indicates your preferred style. Discuss with two of your colleagues how this knowledge will infl uence your...

(a) In respect of the Meteor case study, what additional information will Sarah need to enable her to make a balanced judgement on the situation? (b) A meeting has been fi xed between Sarah, June and...