I would appreciate some assistance in understanding a C++ issue. I'm taking a course in CyberSecurity that relies on C++ for its examples. My background is Dot-Net so I'm more than a bit lost. I'm jamming to learn C++ but I'm not at the point to understand this yet.
I'm hoping someone can help me understand these so I can at least start to understand how the issue is derived and take it from there. This is NOT homework. These are examples given that I'm struggling to understand, and there is no interaction available to discuss them with others.
==============================================
#include <stdio.h>
#include <string.h>

#define S 100
#define N 1000

int main(int argc, char *argv[]) {
    char out[S];   /* holds one formatted line */
    char buf[N];   /* accumulates every formatted line */
    char msg[] = "Welcome to the argument echoing program\n";
    int len = 0;   /* current length of the string in buf */

    buf[0] = '\0';
    printf(msg);
    /* walk the arguments from last to first */
    while (argc) {
        sprintf(out, "argument %d is %s\n", argc-1, argv[argc-1]);
        argc--;
        strncat(buf,out,sizeof(buf)-len-1);
        len = strlen(buf);
    }
    printf("%s",buf);
    return 0;
}
=============================================
#1:
This code above is vulnerable to a buffer overflow.
What is the name of the buffer that can be overflowed?
#2:
In the code above - what line of code can overflow the vulnerable buffer?
#3:
One line can be changed and make the buffer overflow go away. What line would that be?
#4:
What attacks is the program vulnerable to?
Code injection, data corruption, reading arbitrary addresses in memory, all of them
#5:
If I changed printf("%s",buf) to printf(buf) then the program would be vulnerable to what sort of attack?
Heap overflow, format string attack, use-after-free attack, all of them.
Thanks to whoever takes the time to help!!
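A bounded version of the posted loop, as an added example that is not part of the original post: in the original, `sprintf` copies an argument of any length into the 100-byte `out`, while here every write is limited by the size of its destination. The function name `echo_args` and its truncation counter are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define S 100
#define N 1000

/* Hypothetical helper (not from the post): same loop, bounded writes only.
   Returns how many argument lines did not fit in out and were cut short. */
int echo_args(int argc, char *argv[], char *buf, size_t bufsz) {
    char out[S];
    size_t len = 0;
    int truncated = 0;

    if (bufsz == 0) return -1;
    buf[0] = '\0';
    while (argc > 0) {
        /* snprintf writes at most sizeof(out) bytes, NUL included, and
           returns the length the complete line would have needed. */
        int need = snprintf(out, sizeof(out), "argument %d is %s\n",
                            argc - 1, argv[argc - 1]);
        if (need < 0 || (size_t)need >= sizeof(out))
            truncated++;
        argc--;
        /* third argument is the room left in buf, excluding the NUL */
        strncat(buf, out, bufsz - len - 1);
        len = strlen(buf);
    }
    return truncated;
}

int main(int argc, char *argv[]) {
    char buf[N];
    int t;

    /* fputs treats the banner as data, so it is never parsed as a format */
    fputs("Welcome to the argument echoing program\n", stdout);
    t = echo_args(argc, argv, buf, sizeof(buf));
    /* keep the "%s": buf holds text chosen by whoever ran the program */
    printf("%s", buf);
    if (t > 0)
        fprintf(stderr, "%d argument line(s) truncated\n", t);
    return 0;
}
```

Running it with an argument longer than about 85 characters shows the line cut at 99 characters instead of writing past the end of `out`.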