Question: This code sets user passwords on a machine. Analyze the code. If this code is vulnerable to buffer overflow attacks, state the vulnerability with

This code sets user passwords on a machine. Analyze the code. If 

This code sets user passwords on a machine. Analyze the code. If this code is vulnerable to buffer overflow attacks, state the vulnerability with a possible attack scenario. Additionally, if this code is vulnerable to the buffer overflow attack, show how you will remove this vulnerability. }; char name[20]; char password [8]; struct userList{ struct user users [MAX_NUM_USERS]; int numOfUsers; }; } bool SetUserPassword (char *userName, char *userPassword, struct userList *list) { struct user newUser; strcpy (newUser.name, userName); strcpy (newUser.password, userPassword); if (list->numOf Users +1 >= MAX_NUM_USERS) { printf("USER LIST IS FULL "); return(false); }else{ // update user list. list->numOfUsers = list->numOfUsers + 1; list->users [list->numOfUsers] return(true); - newUser;

Step by Step Solution

3.43 Rating (159 Votes )

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock

Answer This code is indeed vulnerable to buffer overflow attacks due to the use of the strcpy function without proper bounds checking The vulnerabilit... View full answer

blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Programming Questions!

Q:

1. T1 lines can use twisted-pair, coaxial or fiber-optic cabling while T3 lines can use coaxial or fiber-optic cabling 2. Multiplexing enables several communication streams to travel simultaneously...

Q:

This question concerns lexical grammars. (a) Tree Adjoining Grammars contain two types of elementary tree. (i) What are these trees called? [1 mark] (ii) If one were building a grammar for English...

Q:

answer the question clearly You are building a flight-control system for which a convincing safety case must be made. Would you assign the tasks of safety requirements engineering, test case...

Q:

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Q:

computer security course, please I need help it due 3 hours. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulner- ability by...

Q:

please answer 4,5&6 as they are interconnected to task 1&2 . the first page is instructions and then task 2 . at the end i have uploaded task 1 . dont know the answer? task 4,5&6 based on 1&2 SEED...

Q:

Attacks Types of Cyber Attacks Denial-of-Service (DoS) Attacks - are a type of network attack. A DoS attack results in some sort of interruption of network services to users, devices, or...

Q:

Explain that some software development problems result in software that is difficult or impossible to deploy in a secure fashion. There are at least two dozen problem areas or categories in software...

Q:

Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which...

Q:

TRUE/FALSE QUESTIONS: 1. A bot propagates itself and activates itself, whereas a worm is initially controlled from some central facility. 2. The correct implementation in the case of an atomic...

Q:

how do each of the following affect the level of oxyhemoglobin? 5. value: 10.00 points How do each of the following affect the level of oxyhemoglobin? Increased temperature Decrnased pH on 5 (of 18)...

Q:

Consolidated Financial Statements Relationship between Parent and Subsidiary is Gold (Parent) and Silver (Subsidiary) Gold acquired 30% of Bronze's share capital also Question 1- 40 marks Gold plc,...

Q:

what is used when funds are to be returned to a customer? a cash payment, an invoice, a credit memo, a refund receipt

Q:

Fill out the market analysis worksheet based on the following information. The Subject property is located in Sweetbriar subdivision at 144 Sweetbriar Trail. It is an eight room, one story, wood...

Q:

The Oriole Hotel opened for business on May 1, 2022. Here is its trial balance before adjustment on May 31. ORIOLE HOTEL Trial Balance May 31, 2022 Cash Supplies Prepaid Insurance Land Buildings...

Q:

Post the adjusting entries to the ledger accounts. Enter the totals from the trial balance as beginning account balances. (Use T-Accounts.) (Post entries in the order of journal entries presented in...

Q:

Capital Crystal, Inc., is a major importer of crystal from the United Kingdom. The crystal is sold to prestigious retail stores throughout the United States. The imports are denominated in British...

Q:

The Alice Brittain Estate, valued at $14.8 million, includes the following assets: A joint and last survivor annuity that pays Alice $5,000 monthly; the surviving annuitant, her sister, Joan, would...

Q:

How did Standard Bank South Africa address the challenge of talent attraction and retention? Group of answer choices They provided mental health support to employees They offered competitive salaries...

Q:

Recall that spam is unsolicited commercial e-mail. While many consider spam a nuisance rather than an attack, it is emerging as a vector for some attacks. Explain that mail bombing is another form of...

Q:

Present that this provides the best practices and security principles that can direct the security team in the development of a security blueprint. Assess and discuss the philosophical principles...

Q:

I. Obtain an understanding that janitors or custodians are often the least scrutinized people in a facility, yet they have access to nearly every part of a facilityincluding computer rooms and wiring...

Q:

Oriole Corporation, a privately-held company, has one class of voting common stock, of which 1,000 shares are issued and outstanding. The shares are owned as follows: Larry...

Q:

Bonnie and Clyde are the only two shareholders in Getaway Corporation. Bonnie owns 60 shares with a basis of $3,000, and Clyde owns the remaining 40 shares with a basis of $12,000. At year end,...

Q:

Badger Corporation declared a stock dividend to all shareholders of record on March 25of this year. Shareholders will receive one share of Badger stock for each ten shares of stock they already own....