This code sets user passwords on a machine. Analyze the code. If this code is vulnerable...

 

Transcribed Image Text:

This code sets user passwords on a machine. Analyze the code. If this code is vulnerable to buffer overflow attacks, state the vulnerability with a possible attack scenario. Additionally, if this code is vulnerable to the buffer overflow attack, show how you will remove this vulnerability. }; char name[20]; char password [8]; struct userList{ struct user users [MAX_NUM_USERS]; int numOfUsers; }; } bool SetUserPassword (char *userName, char *userPassword, struct userList *list) { struct user newUser; strcpy (newUser.name, userName); strcpy (newUser.password, userPassword); if (list->numOf Users +1 >= MAX_NUM_USERS) { printf("USER LIST IS FULL "); return(false); }else{ // update user list. list->numOfUsers = list->numOfUsers + 1; list->users [list->numOfUsers] return(true); - newUser; This code sets user passwords on a machine. Analyze the code. If this code is vulnerable to buffer overflow attacks, state the vulnerability with a possible attack scenario. Additionally, if this code is vulnerable to the buffer overflow attack, show how you will remove this vulnerability. }; char name[20]; char password [8]; struct userList{ struct user users [MAX_NUM_USERS]; int numOfUsers; }; } bool SetUserPassword (char *userName, char *userPassword, struct userList *list) { struct user newUser; strcpy (newUser.name, userName); strcpy (newUser.password, userPassword); if (list->numOf Users +1 >= MAX_NUM_USERS) { printf("USER LIST IS FULL "); return(false); }else{ // update user list. list->numOfUsers = list->numOfUsers + 1; list->users [list->numOfUsers] return(true); - newUser;

Answer rating: 100% (QA)

Answer This code is indeed vulnerable to buffer overflow attacks due to the use of the strcpy function without proper bounds checking The vulnerabilit... View the full answer