24h Take-Home Exam
09:00 AM, April 14, 2020
Organisation of the Exam
You have at most 24 hours to answer this take-home exam. During this period, you
are allowed to use the course book, the slides from the lecture, and your own
notes on the lectures and the exercises. You are specifically not allowed to discuss
the tasks with another person. In case you have any questions regarding the
exam, you are welcome to discuss with me. You should answer this exam in
English. Your solution must be handed in via blackboard before 10:00 AM, April
1. The safewrite function below is supposed to check for out-of-bounds
accesses to an array.
However, this check may fail in one of the two following calls to this function:
a. Can you tell which one, and why it fails?
b. How can the safewrite function be strengthened?
2. Let us consider the C code below:
When t2 is copied into t1 then t1 overflows and the value "2" may:
− either overwrite t
− or overwrite the frame pointer (fp) and/or the return address (leading
to a crash)
− or overwrite some padding zone (with no influence on the program
The stack layout (i.e., the way local variables are stored in the stack) may
vary from one compiler to another.
Figure below shows a stack layout corresponding to each of these
A. the program crashes (because of an invalid memory access)
B. no crash, and the program prints 0 as the value of t
C. the program prints 2 as the value of t
Match each situation (A, B, C) to the appropriate stack layout (a, b, c).
Task#2— Integer Security
The C language authorizes explicit and implicit conversions (i.e., with or without a
cast) between integers. For instance, short int may be converted into long
int (and conversely), and signed int may be converted into unsigned int
(and conversely). However, according to the CERT secure coding standards,
such conversions must be guaranteed not to result in lost or misinterpreted data.
Let us consider for instance the following function func, which takes as a
parameter param an unsigned long int value and converts it to a signed
char before using it:
1. Assuming that long int values are encoded on 32 bits and char values on
8 bits, explain why this function is insecure (giving an example of a user-provided value for param that produces lost or misinterpreted data).
2. Give an example of a vulnerability that may occur within function func due
to the problem raised in question 1. You don't need to give a complete
code example (nor to fully respect the C syntax), but you should clearly
indicate how this vulnerability is triggered, and what is the potential gain for
3. How can the function func be modified to keep the type conversion but
warn the user in case of insecure behavior? (give the new version of this
4. According to the CERT, the only integer type conversions that are
guaranteed to be safe for all data values and all possible conforming
implementations are conversions of an integral value to a wider type of the
a. explain why this assertion holds;
b. do you think such a property could be verified at compile-time?
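The narrowing conversion this task discusses, as an added example that is not part of the exam and is not its func (whose listing does not appear on this page). The helper names, TABLE_LEN and the sample values are hypothetical and constructed here, and the unchecked results assume a compiler such as GCC or Clang that keeps the low 8 bits on conversion.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define TABLE_LEN 16  /* constructed table size for the demonstration */

/* Unchecked narrowing, as the task describes. An out-of-range result is
 * implementation-defined (C11 6.3.1.3); GCC and Clang keep the low 8 bits. */
static signed char narrow_unchecked(unsigned long param)
{
    return (signed char)param;
}

/* A bounds check that only tests the upper limit: a value that became
 * negative through the conversion passes it. */
static bool upper_bound_only(signed char idx)
{
    return idx < TABLE_LEN;
}

/* Range-checked conversion in the spirit of CERT INT31-C: refuse any value
 * that signed char cannot represent instead of silently truncating it. */
static bool narrow_checked(unsigned long param, signed char *out)
{
    if (param > (unsigned long)SCHAR_MAX)
        return false;   /* *out is left untouched */
    *out = (signed char)param;
    return true;
}

int main(void)
{
    /* Constructed sample inputs around the signed char boundaries. */
    const unsigned long samples[] = { 5UL, 127UL, 128UL, 200UL, 256UL, 261UL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        signed char c = 0;
        signed char raw = narrow_unchecked(samples[i]);
        bool ok = narrow_checked(samples[i], &c);
        printf("%4lu: unchecked=%4d weak-check=%s checked=%s\n",
               samples[i], (int)raw,
               upper_bound_only(raw) ? "pass" : "fail",
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The input 200 shows misinterpreted data (it becomes negative and still passes the upper-bound-only check), while 261 shows lost data (it is indistinguishable from 5 after the conversion).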
Task#3—Race Condition Vulnerability
How many race conditions do attackers have to win in the following program?
Task#4— Cross Site Request Forgery
Suppose a page from www.example.com contains an iframe, inside which a Facebook
page is displayed. If a request is sent from inside the iframe, is it considered a
cross-site request or not? If not, how can this be secured?
Task#4— Cross Site Request Forgery
to be mixed with data. From the security perspective, mixing code with data is
very dangerous. XSS gives us an example. Please provide two other examples that
can be used to demonstrate that mixing code with data is bad for security.