Consider the following piece of C code:

    int main(int argc, char *argv[])
    {
        char continue = 0;
        char password[N];    /* N = buffer length; the size is missing from this copy */
        strcpy(password, argv[1]);
        if (strcmp(password, "CS166") == 0)
            continue = 1;
        if (continue)
        {
            *login();
        }
    }

In the above code, *login() is a pointer to the function login(). (In C, one can declare pointers to functions, which means that the call to the function is actually a memory address that indicates where the executable code of the function lies.)

(1) Is this code vulnerable to a buffer-overflow attack with reference to the variables password and continue? If yes, describe how an attacker can achieve this and give an ideal ordering of the memory cells (assume that the memory addresses increase from left to right) that correspond to the variables password and continue of the code so that this attack can be avoided.

(2) To fix the problem, a security expert suggests removing the variable continue and simply using the comparison for login. Does this fix the vulnerability? What kind of new buffer overflow attack can be achieved in a multiuser system where the login() function is shared by a lot of users (both malicious and non-malicious) and many users can try to log in at the same time? Assume for this question only (regardless of real systems' behavior) that the pointer is on the stack rather than in the data segment or a shared memory segment.

(3) What is the existing vulnerability when login() is not a pointer to the function code but terminates with a return() command?

Note that the function strcpy does not check an array's length.
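An added example, not part of the original question: a small model of the memory cells holding password and continue that shows how their ordering decides whether a copy without a length check can reach the flag, next to a bounded form of the password check. BUF_LEN, the cell model and both function names are assumptions (the page gives no buffer size); the comparison string is the one in the page's code.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8              /* assumed buffer size; the page gives none */
#define CELLS   (BUF_LEN + 1)  /* modelled cells: the buffer plus a 1-byte flag */

/* Models a copy with no length check over a row of memory cells whose
 * addresses increase left to right. The buffer starts at cell buf_at and
 * the flag lives in cell flag_at. Writes stop at the edge of the model so
 * the demonstration itself stays well-defined. Returns the flag cell. */
unsigned char flag_after_copy(size_t buf_at, size_t flag_at, const char *src)
{
    unsigned char mem[CELLS] = {0};
    size_t n = strlen(src) + 1;            /* strcpy also copies the NUL */
    for (size_t i = 0; i < n && buf_at + i < CELLS; i++)
        mem[buf_at + i] = (unsigned char)src[i];
    return mem[flag_at];
}

/* Bounded form of the check: over-long input is rejected, never copied. */
int check_password(const char *input)
{
    char password[BUF_LEN];
    size_t len = input ? strlen(input) : 0;
    if (input == NULL || len >= sizeof password)
        return 0;
    memcpy(password, input, len + 1);
    return strcmp(password, "CS166") == 0;
}

int main(void)
{
    const char *too_long = "AAAAAAAAA";    /* constructed: 9 bytes + NUL */
    printf("flag after buffer:  %u\n", flag_after_copy(0, BUF_LEN, too_long));
    printf("flag before buffer: %u\n", flag_after_copy(1, 0, too_long));
    printf("bounded check, long input: %d\n", check_password(too_long));
    printf("bounded check, CS166:      %d\n", check_password("CS166"));
    return 0;
}
```

With the flag in the cell to the right of the buffer, the over-long input leaves it non-zero; with the flag to the left, the same input leaves it untouched.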
Paper #71734 | Written 18-Jul-2015