Parte importante de cyber security es poder arreglar código. Aquí hay 5 labs que pueden servirles para entender porque. Fueron mi lab1 de mi materia de software assurance en Queen’s University Belfast, 2016.
Lab2_q1.c
/********************************************************/ /* ELE8094 SwA Assessed Practical 2 Q1 2016 */ /* */ /* What is the value of result in the code */ /* Explain the flaw */ /* Define a variable fix and write a statement */ /* with the correct expression */ /********************************************************/ #include <stdio.h> int main(void) { float a = 23; short b = 45; float c = 3.1415927; float result; result = a / b * c; printf("%f",result); return 0; }
Lab2_q2.c
/********************************************************/ /* ELE8094 SwA Assessed Practical 2 Q2 2016 */ /* */ /* What is the value of result in the code */ /* Explain the flaw */ /* Define a variable fix and write a statement */ /* with the correct expression */ /********************************************************/ #include <stdio.h> /* Integer Promotion */ int main(void) { int a = -1; int b = 1; printf("%d\n", a < b); return 0; }
Lab2_q3.c
/********************************************************/ /* ELE8094 SwA Assessed Practical 2 Q3 2016 */ /* */ /* Explain the vulnerability in the */ /* code below. Write code to provide a fix. */ /********************************************************/ #include <stdio.h> #include <string.h> int main(void) { char *pFirstName = "FirstName "; char *pLastName = "LastName"; char name[strlen(pLastName)+strlen(pFirstName)]; strcat(strcpy(name, pFirstName), pLastName); printf("Name: %s\n", name); return 0; }
Lab2_q4.c
/********************************************************/ /* ELE8094 SwA Assessed Practical 2 Q4 2015 */ /* */ /* The following code accepts an 8 character */ /* password from the user that must contain only */ /* alphanumeric characters. */ /* Write a function to sanitise the input */ /********************************************************/ #include <string.h> #include <stdio.h> #include <stdlib.h> #include <ctype.h> void getPassword(void); int main(void) { getPassword(); return 0; } void getPassword(void) { char password[9]; int c=0; fputs("Enter Password of 8 Characters Containing Only Letters and Numbers\n", stdout); fgets(password, 9, stdin); for (int i = 0;i<8;i++){ if (isalpha(password[i]) || isdigit(password[i])){c++;}} if (c!=8){ c=0; printf("Please try again, your password does not match the criteria password: %s\n",password);} else{printf("The password matches the criteria, congratulations, you can continue password: %s\n",password);} return; }
Lab2_q5.c
/********************************************************/ /* ELE8094 SwA Assessed Practical 2 Q5 2016 */ /* */ /* Identify and Explain the vulnerability in the */ /* code below. Provide a fix. */ /********************************************************/ //the problem is that it does not have a null terminator //this can cause undefined behavior if reading or worst in writing like Format //String attack reference: http://wiki.c2.com/?NonNullTerminatedString #include <stdio.h> #include <string.h> #include <stdlib.h> #define MAC_ADDRESS_LENGTH 36 #define LINELENGTH 56 #define SEPERATOR ':' int GetMacAddress(char *MacAddress); char outPutMacAddress[MAC_ADDRESS_LENGTH]; int main() { if (1 == GetMacAddress(outPutMacAddress)) { printf("Failed to get Mac address\n"); } else { printf("%s\n", outPutMacAddress); } return 0; } int GetMacAddress(char *MacAddress) { FILE *fp = NULL; char line[LINELENGTH]; unsigned char counter = 1; unsigned char i = 0; char *address; if (-1 == system("/sbin/ifconfig |grep --binary-files=text HWaddr >macAddress")) { printf("SYSTEM_ERROR_GET_MAC_ADDRESS_FAILURE\n"); return 1; } else { fp=fopen("macAddress", "r"); if(NULL == fp) { printf("Error reading macAddress file\n"); return 1; } else { if (NULL == fgets(line, sizeof(line), fp)) { printf("Error reading line from file - mac adddr\n"); return 1; } else { address = strchr(line, SEPERATOR); if (NULL == address) { printf("Error in line format\n"); return 1; } else { while ((address[counter] != 0) && (i < MAC_ADDRESS_LENGTH)) { MacAddress[i] = address[counter]; counter++; i++; } } } fclose(fp); } } if (-1 == remove("macAddress")) { printf("Error removing file\n"); return 1; } return 0; }
Explanation in pdf. SanchezRicardo_40183863_Lab1