Thread: Security Engineering; Simple Question

  1. #1
    Registered User
    Join Date
    May 2020
    Posts
    1

    Hey, guys,


    I am absolutely new to C programming. Currently I am preparing for my new course of studies, IT Security. In a slightly older exam I found a task that I have no idea how to approach. The task is in German. In principle it is about finding critical errors.
    It is not written what the passed parameters look like. I have come to the point that you should not use strcpy() because it has no bounds checking. Also, char[10] should not be used if you want to store 10 characters (\0). Can someone help me a little bit? I would like to mention again that you would be helping me personally here, not helping me collect bonus points at the university.


    [Attached image: it_sec_klausur01_2017 (PNG)]

    Thank you !

  2. #2
    Registered User
    Join Date
    Apr 2019
    Posts
    48
    Can you use `strncpy`?

    And why are you doing math on a string?

  3. #3
    Registered User
    Join Date
    Feb 2019
    Posts
    680
    Problems with this code:
    1. your buffer (code) has only 10 chars (as you notice) and 11 bytes are being copied;
    2. '9' (value: 57) is not the same thing as 9;
    3. argv[1] could have less than 10 chars

    I don't know German, so I cannot know what is being asked.

  4. #4
    Registered User
    Join Date
    May 2009
    Posts
    3,868
    Using literal constants instead of defines is also a problem.
    Magic number (programming) - Wikipedia

    Tim S.
    "...a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are, in short, a perfect match.." Bill Bryson

  5. #5
    Registered User
    Join Date
    Feb 2019
    Posts
    680
    Another one: printf() should have the format string in line 5, as in:
    Code:
      printf( "%s", argv[1] );
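
The points raised across the replies (buffer one byte too small, unchecked `argv[1]` length, `'9'` versus 9, magic numbers, and `printf()` without a format string) combined in one hardened sketch. This is an added example, not code from the thread or the exam, whose listing was only attached as an image; the buffer name `code` comes from reply #3, while `CODE_LEN`, `copy_code()` and `digit_sum()` are hypothetical names, and the digit sum stands in for whatever arithmetic the exam code performed.

```c
#include <stdio.h>
#include <string.h>

#define CODE_LEN 10   /* named constant instead of a magic number (assumed length) */

/* Hypothetical helper: copy exactly CODE_LEN decimal digits from src to dst.
 * Returns 0 on success, -1 if dst is too small or src is NULL, too short,
 * too long, or contains a non-digit. Never reads past src's terminator. */
int copy_code(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size < CODE_LEN + 1)
        return -1;                       /* need room for the '\0' as well */
    for (size_t i = 0; i < CODE_LEN; i++) {
        /* Compare with character constants: '9' is 57, not 9. */
        if (src[i] < '0' || src[i] > '9')
            return -1;                   /* also catches an early '\0' */
    }
    if (src[CODE_LEN] != '\0')
        return -1;                       /* longer than CODE_LEN */
    memcpy(dst, src, CODE_LEN + 1);      /* length is now known and bounded */
    return 0;
}

/* Hypothetical arithmetic on the code: convert each char with - '0' first. */
int digit_sum(const char *code)
{
    int sum = 0;
    for (size_t i = 0; code[i] != '\0'; i++)
        sum += code[i] - '0';
    return sum;
}

int main(int argc, char *argv[])
{
    char code[CODE_LEN + 1];             /* 10 characters plus terminator */
    if (argc != 2 || copy_code(code, sizeof code, argv[1]) != 0) {
        fprintf(stderr, "usage: prog <10-digit code>\n");
        return 1;
    }
    printf("%s\n", code);                /* user input is data, never the format */
    printf("digit sum: %d\n", digit_sum(code));
    return 0;
}
```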
