
Secure Systems Programming: Coursework 2

   

Added on  2023-01-09

UNIVERSITY OF HERTFORDSHIRE
Academic Year: 2018/2019
Semester: B
School of Computer Science
Secure Systems Programming (online)
Coursework 2 (50%)
Please fill in your student ID
Student ID _____________________
(staff use only)
Total
There are 5 questions of 10 marks each.
Full marks may be obtained by attempting ALL questions.
1. Answers to Q1
Error 1: In line 7, the number of iterations in the loop should not exceed the size of
the array; that is, it must remain exactly the number allowed by the program.
Error 2: In line 6 we allocate the “dest” variable a buffer whose size is equal to the size of
the variable “source” (which is equal to 10). During the 10th and 11th iterations of the loop
in line 7, the indexing of the “dest” and “source” variables exceeds the size
of the memory they are allocated.
Error 3: No header files have been included in the code. The main header files needed to
execute the program are missing.
Error 4: malloc returns a pointer of type void, which needs to be typecast, but no
typecasting is done in line 6. Neither explicit nor implicit typecasting is present.
Error 5: In line 10 the value of i=12, which is already greater than the allowed size
for the “dest” variable, because of which a buffer overflow can occur and the
program may behave abruptly and may produce output that is not related to any
work.
2. Answers to Q2
Answer to 2(i)
The first, second and third chunks of memory are allocated dynamically with the
size given as the parameter to malloc. No value is initialized in the
allocated memory, so garbage values are stored in those memory blocks
at allocation time. Dynamic memory allocation results in uninitialized
memory, so the garbage values are unrelated and could be anything in
general.
The first chunk of memory allocated is 660 bytes in size, and the base address of the
memory block is given by the variable “first”.
Similarly, the second and third chunks of memory allocated are 220 and 120
bytes in size respectively, and the base addresses of these memory blocks are given by
the variables “second” and “third” respectively.
If the space is insufficient, then the allocation fails and returns a NULL pointer.
Answer to 2(ii)
The program can be vulnerable to a buffer overflow attack to a great extent. The program starts
showing undefined behavior once the buffer is overflowed. That means anything can
happen, from crashing to possibly still working, but nothing is certain in this case.
When we write data into the memory block allocated to the program,
that is fine by the OS, but when we start writing to a memory block other than the
allocated one, we may be writing to a memory block that is being used by some
other program or another variable, i.e. the space given to other variables or methods
would be used. So it may alter the working of the program that is utilizing that
memory, causing undefined behavior. Sometimes the extra data may hold
instructions from a malicious user or hacker that may trigger actions that
are undesirable to the user and can cause serious issues from a program security
point of view. In the given scenario, if the argument argv[1] contains 224
bytes of data with the last 4 bytes being written with the value 4, then it may also cause a
segmentation fault, because we are creating an invalid memory reference, as the
maximum size that the argument argv[1] can have is 220 bytes. A segmentation fault
generally occurs when we try to use space that is not allocated to our
program and the memory access goes out of bounds.
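An added example, not part of the coursework or its question code: a bounds-checked version of the copy discussed in 2(ii). It assumes the argument is copied into the 220-byte chunk; the function name copy_into_second and its return codes are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Chunk sizes taken from the answer to 2(i). */
#define FIRST_SIZE  660
#define SECOND_SIZE 220
#define THIRD_SIZE  120

/* Assumption: the argument is copied into the 220-byte chunk.
 * Copies src into a new SECOND_SIZE-byte heap buffer stored in *out.
 * Returns 0 on success, -1 if src is NULL or does not fit (including
 * its terminator), -2 if an allocation fails. */
int copy_into_second(const char *src, char **out)
{
    *out = NULL;
    if (src == NULL) return -1;
    /* Find the terminator within the space available, before
     * allocating or copying anything. */
    const char *nul = memchr(src, '\0', SECOND_SIZE);
    if (nul == NULL) return -1;               /* 220 or more characters */
    size_t len = (size_t)(nul - src);

    char *first  = malloc(FIRST_SIZE);
    char *second = malloc(SECOND_SIZE);
    char *third  = malloc(THIRD_SIZE);
    if (!first || !second || !third) {        /* malloc returned NULL */
        free(first); free(second); free(third);
        return -2;
    }
    memcpy(second, src, len + 1);             /* len + 1 <= SECOND_SIZE */
    free(first);
    free(third);
    *out = second;                            /* caller frees */
    return 0;
}

int main(int argc, char **argv)
{
    char *copy;
    if (argc < 2 || copy_into_second(argv[1], &copy) != 0) {
        fprintf(stderr, "argument rejected (limit %d bytes)\n", SECOND_SIZE);
        return 1;
    }
    printf("stored %zu bytes\n", strlen(copy));
    free(copy);
    return 0;
}
```

A 224-byte argument is rejected before any heap write happens, so the neighbouring chunk is never touched.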