Software security, computer science homework help

User Generated

Xvat_Abguvat

Computer Science

Description

Hello.

Could you please follow the attachment bellow there are the questions .


best regards

Unformatted Attachment Preview

5. Assume a program contains the following statement. Discuss the possible outcomes of the statement. Why does the statement produce such outcomes? printf ("%s%s%s%sº %s%s%s%s"); Software and OS Security Final Exam 1. Draw a stack layout for each of the invocation of func(). You can assume each return address is 0x1000, 0x2000, 0x3000, 0x400, etc. Please indicate The grow direction of stack b. The old EBP, local variables, arguments, and return address The return value of the function a. c. void func(int a, int b){ int c=a+b; if(a
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

hiPFA. I have explained all questions as much as possible. 

1.

2.


A buffer overflow attack is known to be a scenario in programming where a program
overruns the boundary of a buffer and write the memory locations outside of the buffer
while writing to that buffer itself. This violates the safety of memory. Specially designed
inputs to execute code can trigger buffer overflow attacks. This results in memory access
errors, erratic program behavior and sometime crashes the program itself.
Let us know take a closer look at the program “stack.c” in a view of learning how buffer
overflow works. So, going by the definition of buffer overflow attacks, the mentioned
program “stack.c” can be good candidate for a buffer overflow attack. As we can see, in
bof() method the strcpy copies the string str into the buffer. Now, the size of
buffer declared is 24 bytes. While, the source string str which is being copied to the
variable buffer is of length 517 bytes. So, the variable str is trying to write data outside
the boundary of buffer. This may cause a buffer overflow attack if string str is well
designed to serve as a proper buffer overflow input.

1



To launch a successful buffer overflow attack the attacker needs to know the address of the
important variable on stack. That said, i essentially means a buffer overflow on its own is
uninteresting leading to a program crash most of the time. However, a successful buffer
overflow will either read or write a sensitive variable on stack e.g. an unencrypted
password or variable holding privilege bits. Knowing the addresses of such variables is not
trivial and often depends on attackers’ ingenuity. With some amount o...

Related Tags