Computers and Technology, 21.04.2020 01:38 Will1119
Each of the following code fragments contains a number of security vulnerabilities. For each fragment, identify these security vulnerabilities and, for each vulnerability, discuss at least one way that it could be improved. Note that in your discussion of how each vulnerability could be improved, you do not need to re-write a new version of the program in C; simply discuss your solution, either in pseudocode or in 1-2 sentences.
a) /* File Descriptor Leak */
#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[]){
    char *filePath = argv[0];
    char *shellPath = argv[1];
    FILE *passwords;
    passwords = fopen(filePath, "r");
    /* Read the password and do something with it */
    /* . . . */
    /* Fork and execute alternative shell */
    execl(shellPath, "shell", NULL);
}
b) #include <stdio.h>
/*
Assume the following function is written for an electronic storefront.
The user will enter the ID of the item to be ordered, as well
as the quantity of units that they would like to purchase.
The program will then look up the price for the
item using a predefined function, getPriceByID(), and return
the total cost of the order.
*/
int getTotalCost(){
    char itemID[9];
    int price, unitsOrdered, cost;
    printf("Please enter the 9-digit ID of the item to be ordered: ");
    scanf("%s", &itemID);
    /* look up the price according to the itemID */
    price = getPriceByID(itemID);
    printf("Please enter the quantity of units to be ordered: ");
    scanf("%d", &unitsOrdered);
    cost = price * unitsOrdered;
    return cost;
}
c) #include <string.h>
/* The following function is intended to return a user's full name
by concatenating the user's first and last name into a single string
and then returning that string. */
char *getFullName(char *firstName, char *lastName, int MAX_LEN){
    char fullName[MAX_LEN];
    strcpy(fullName, firstName);
    strcat(fullName, " ");
    strcat(fullName, lastName);
    return fullName;
}
d) #include <stdio.h>
/* The following code snippet runs through the list of CLI arguments
entered and displays them to the console. */
int main(int argc, char *argv[]){
    int i;
    printf("You've entered the following arguments: ");
    for(i = 0; i < argc; i++){
        print(argv[i]);
        printf("\n");
    }
    /* ... */
}
Answers: 3
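An added example, not part of the original question or of any answer to it: one way to close the file descriptor leak that fragment (a) is labelled with, by marking the descriptor close-on-exec when it is opened and closing it before the shell is executed. The function names `open_sensitive` and `inherited_across_exec` are hypothetical, and the example assumes a POSIX system and that the file and shell paths arrive as `argv[1]` and `argv[2]`.

```c
/* Added example: hardened handling for fragment (a); names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1 if the descriptor behind fp stays open across exec*(), 0 if it is
   marked close-on-exec, -1 on error. */
int inherited_across_exec(FILE *fp)
{
    int flags = fcntl(fileno(fp), F_GETFD);
    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Open read-only with close-on-exec set atomically at open() time.
   Returns NULL on failure. */
FILE *open_sensitive(const char *path)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd == -1)
        return NULL;
    FILE *fp = fdopen(fd, "r");
    if (fp == NULL)
        close(fd);                  /* do not leak fd if fdopen fails */
    return fp;
}

/* Fragment (a) reworked: argument count checked, open result checked,
   file closed before the shell replaces this process. */
int main(int argc, char *argv[])
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s <file> <shell>\n", argv[0]);
        return 2;
    }
    FILE *passwords = open_sensitive(argv[1]);
    if (passwords == NULL) {
        perror("open");
        return 1;
    }
    /* ... read the password and use it ... */
    fclose(passwords);              /* explicit close; CLOEXEC is the backstop */
    execl(argv[2], "shell", (char *)NULL);
    perror("execl");                /* reached only if exec failed */
    return 1;
}
```

A stream opened with plain `fopen(path, "r")`, as in the fragment, reports 1 from `inherited_across_exec`, which is the condition that lets the executed shell read the password file through the inherited descriptor.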