Secure Systems Programming Assignment: Error Identification & Fixes

Verified

Added on 2023/01/23

AI Summary

This document provides solutions to a Secure Systems Programming assignment, addressing code errors, memory allocation, and security vulnerabilities. The assignment includes correcting errors in a provided code snippet involving string manipulation, identifying memory allocation sizes and content, analyzing code for potential vulnerabilities related to buffer overflows, and commenting on the functionality of a code segment. The solutions detail the identification of errors, the correction of code, and the analysis of memory allocation and potential security issues. The assignment covers topics such as `strcpy`, `malloc`, buffer overflows, and code comments, and provides insights into secure coding practices. The solutions are designed to help students understand and address common programming errors and security vulnerabilities in C programming.

Solution
Question 1:
1) In line 4, “size_t i” should be “size_t int i"
2) In line 7, “i=1” should be “i=0”
3) In line 7, “i<11” should be “i<10”
4) Line 10 should not be a part of the code.
Question 2:
The first, second and third chunks of memory are allocated in line no 6,7 and 8 using malloc function
Bytes needed for first memory chunk= 82.5
Bytes needed for second memory chunk= 27.5
Bytes needed for third memory chunk= 15
The first and third values are garbage, the second value is second hence result will be second
argument passed
Question 3
1) Input given : 5, bravo
Where len=5 and src= bravo
Output= br
Value of variable len=5 and size=1
2) The program would have an abnormal run if len is less than 3.
To fix the vulnerability we need to add the following after line no 3:
If size<= 0
{
Return;
}
Question 4
1) Comments are as follows
Line 2: //3 char arrays
Line 3 & line 4: //declaring integer
Line 5: //value of aaa is copied to aaddr
Line 6: //will print the value of aaddr ie 16
Line 7: //will go to a new line

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Line 8: // value of aaddr is being copied to buffer using sprint that is converting char to char
Line 9: //copying value of buffer to format
Line 10: //covertimg value of buffer to type float
Line 11: //it will combine value of format and buffer and store it in format
Line 12: //value of format will be printed
Line 13: //printing value of format, aaa, aaa,bbb
2) It will print the memory address of format and will result in memory leak and exploitation