Una parte importante de la ciberseguridad es saber arreglar código. Aquí hay 5 labs que pueden servirles para entender por qué. Fueron mi lab 1 de la materia de Software Assurance en Queen's University Belfast, 2016.

Lab2_q1.c

/********************************************************/
/*    ELE8094 SwA Assessed Practical 2 Q1 2016          */
/*                                                      */
/* What is the value of result in the code              */
/* Explain the flaw                                     */
/* Define a variable fix and write a statement          */
/* with the correct expression                          */
/********************************************************/
#include <stdio.h>

int main(void)
{
  /* Q1: what does `result` hold, and why?
   * `b` is a short, but `a` is a float, so the usual arithmetic
   * conversions turn `b` into a float before the division: there is
   * no integer truncation in a / b. The precision question is in `c`:
   * 3.1415927 is a double literal that is narrowed when stored in a
   * float, and the expression is then evaluated in float (or wider,
   * depending on the implementation's FLT_EVAL_METHOD). Declaring the
   * operands as double would avoid that narrowing. */
  float a = 23;
  short b = 45;
  float c = 3.1415927;   /* double literal narrowed to float */
  float result;

  /* Evaluated left to right: (a / b) first, then the product with c. */
  result = a / b * c;
  printf("%f",result);
  return 0;
}

Lab2_q2.c

/********************************************************/
/*    ELE8094 SwA Assessed Practical 2 Q2 2016          */
/*                                                      */
/* What is the value of result in the code              */
/* Explain the flaw                                     */
/* Define a variable fix and write a statement          */
/* with the correct expression                          */
/********************************************************/
#include <stdio.h>

/* Integer Promotion */

int main(void)
{
  /* Q2 ("Integer Promotion"): both operands are signed int, so `a < b`
   * is an ordinary signed comparison and the program prints 1.
   * The pitfall this lab points at only appears when one side is
   * unsigned: comparing a signed int with an unsigned int converts the
   * signed value to unsigned first, so -1 becomes UINT_MAX and
   * `-1 < 1u` is 0. Keep operand types matching (or widen to a signed
   * type that can hold both ranges) to avoid that surprise. */
  int a = -1;
  int b = 1;

  int is_less = (a < b) ? 1 : 0;   /* 1 here: -1 < 1 as signed ints */
  printf("%d\n", is_less);

  return 0;
}

Lab2_q3.c

/********************************************************/
/*    ELE8094 SwA Assessed Practical 2 Q3 2016          */
/*                                                      */
/* Explain the vulnerability in the                     */
/* code below.  Write code to provide a fix.            */
/********************************************************/
#include <stdio.h>
#include <string.h>
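/* Concatenate first and last into dst, writing at most cap bytes and
 * always NUL-terminating when cap > 0 (snprintf semantics).
 * Returns the length the full name would need; a value >= cap means
 * the output was truncated. */
static size_t join_name(char *dst, size_t cap, const char *first, const char *last)
{
  int n = snprintf(dst, cap, "%s%s", first, last);
  return n < 0 ? 0 : (size_t)n;
}

int main(void)
{
  /* Q3: the original sized `name` as strlen(first) + strlen(last),
   * leaving no room for the terminating '\0'. strcpy/strcat then wrote
   * one byte past the end of the array (CWE-787), and printf("%s")
   * read past it as well. The fix is the "+ 1" below, plus a bounded,
   * self-terminating copy instead of the unchecked strcpy/strcat. */
  const char *pFirstName = "FirstName ";
  const char *pLastName  = "LastName";
  char name[strlen(pFirstName) + strlen(pLastName) + 1];

  if (join_name(name, sizeof name, pFirstName, pLastName) >= sizeof name)
  {
    /* Unreachable with the sizing above; kept so the bound is checked
     * if someone later changes how `name` is sized. */
    fputs("Name truncated\n", stderr);
    return 1;
  }
  printf("Name: %s\n", name);

  return 0;
}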

Lab2_q4.c

/********************************************************/
/*    ELE8094 SwA Assessed Practical 2 Q4 2015          */
/*                                                      */
/* The following code accepts an 8 character            */
/* password from the user that must contain only        */
/* alphanumeric characters.                             */
/* Write a function to sanitise the input               */
/********************************************************/
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>

void getPassword(void);


int main(void)
{
  /* Entry point: the whole of Q4 lives in getPassword(). */
  getPassword();
  return EXIT_SUCCESS;
}

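enum { PASSWORD_LEN = 8 };

/* Return 1 if s holds exactly PASSWORD_LEN characters and every one of
 * them is an ASCII letter or digit, else 0. s must be NUL-terminated;
 * the scan stops at the first non-alphanumeric byte (including '\0' or
 * '\n'), so it never reads past the terminator. */
static int is_valid_password(const char *s)
{
  for (int i = 0; i < PASSWORD_LEN; i++)
  {
    /* <ctype.h> functions take an int in unsigned-char range (or EOF);
     * passing a plain char that happens to be negative is undefined. */
    if (!isalnum((unsigned char)s[i]))
    {
      return 0;
    }
  }
  return s[PASSWORD_LEN] == '\0';   /* reject anything longer than 8 */
}

/* Prompt for an 8-character alphanumeric password on stdin and report
 * whether it meets the criteria. What this fixes relative to the
 * original:
 *  - it read 8 bytes and then inspected password[0..7] regardless of
 *    how much fgets actually stored, so a shorter line made it read
 *    uninitialised stack bytes (CWE-457) and count them as characters;
 *  - ctype calls now go through (unsigned char);
 *  - the password is no longer echoed back in the status messages
 *    (stdout and logs are not a place for a secret, CWE-532);
 *  - an over-long line is drained from stdin instead of being left
 *    behind for the next read;
 *  - the fgets return value is checked. */
void getPassword(void)
{
  /* 8 characters + the '\n' that fgets keeps + the NUL terminator. */
  char password[PASSWORD_LEN + 2];

  fputs("Enter Password of 8 Characters Containing Only Letters and Numbers\n", stdout);
  if (fgets(password, sizeof password, stdin) == NULL)
  {
    printf("Please try again, your password does not match the criteria\n");
    return;
  }

  size_t len = strlen(password);
  if (len > 0 && password[len - 1] == '\n')
  {
    password[len - 1] = '\0';
  }
  else
  {
    /* No newline: the line was longer than the buffer. Discard the rest
     * so it cannot be mistaken for the next input; the 9-character
     * prefix fails validation below anyway. */
    int ch;
    while ((ch = getchar()) != '\n' && ch != EOF)
    {
    }
  }

  if (is_valid_password(password))
  {
    printf("The password matches the criteria, congratulations, you can continue\n");
  }
  else
  {
    printf("Please try again, your password does not match the criteria\n");
  }

  /* Scrub the secret before the frame is reused. A plain memset on a
   * dying buffer may be optimised away, hence the volatile store loop
   * (use explicit_bzero/memset_s where available). */
  volatile char *scrub = password;
  for (size_t i = 0; i < sizeof password; i++)
  {
    scrub[i] = 0;
  }
}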

Lab2_q5.c

/********************************************************/
/*    ELE8094 SwA Assessed Practical 2 Q5 2016          */
/*                                                      */
/* Identify and Explain the vulnerability in the        */
/* code below.  Provide a fix.                          */
/********************************************************/

// The flaw: GetMacAddress copies up to MAC_ADDRESS_LENGTH characters into
// outPutMacAddress but never writes a '\0'. The buffer is a zero-initialised
// global, so this only bites when 36 or more characters follow the separator;
// then there is no terminator and printf("%s") in main reads past the end of
// the array (CWE-170 / CWE-126: out-of-bounds read of a non-terminated string).
// This is not a format-string attack - the format is a literal - but a missing
// terminator on a string later consumed by a %s conversion.
// Reference: http://wiki.c2.com/?NonNullTerminatedString

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define MAC_ADDRESS_LENGTH 36 
#define LINELENGTH 56         
#define SEPERATOR ':'


int GetMacAddress(char *MacAddress);
char outPutMacAddress[MAC_ADDRESS_LENGTH];

int main(void)
{
  /* GetMacAddress returns 0 on success and 1 on any failure; on success
   * the global buffer holds the text it extracted. */
  int rc = GetMacAddress(outPutMacAddress);
  if (rc != 1)
  {
    printf("%s\n", outPutMacAddress);
  }
  else
  {
    printf("Failed to get Mac address\n");
  }
  return 0;
}


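/* Copy src into dst starting after src[0] (the separator strchr stopped
 * on), storing at most cap - 1 characters and always NUL-terminating.
 * The copy also stops at a '\n' so the newline fgets keeps is not
 * carried into the result. Returns the number of characters stored.
 * cap must be > 0. */
static size_t copy_after_separator(char *dst, size_t cap, const char *src)
{
  size_t n = 0;
  /* Reserve the last byte of dst for the terminator: the original loop
   * allowed all MAC_ADDRESS_LENGTH bytes and never wrote a '\0'. */
  while (n < cap - 1 && src[n + 1] != '\0' && src[n + 1] != '\n')
  {
    dst[n] = src[n + 1];
    n++;
  }
  dst[n] = '\0';
  return n;
}

/* Run ifconfig through the shell, grep the HWaddr line into a scratch
 * file, and copy the text after the first ':' on its first line into
 * MacAddress. MacAddress is assumed to hold MAC_ADDRESS_LENGTH bytes
 * (the function takes no size). Returns 0 on success, 1 on any failure.
 *
 * Fixed relative to the original: the result is always NUL-terminated,
 * and the FILE and scratch file are released on every exit path (the
 * original leaked fp and left "macAddress" behind on the fgets/strchr
 * error returns).
 *
 * NOTE(review): system() goes through /bin/sh and resolves `grep` via
 * PATH, so anyone who controls PATH can substitute their own binary
 * (CWE-426); the scratch file is a predictable, unlocked name in the
 * current directory (CWE-377). The lab keeps this design; production
 * code should use popen()/posix_spawn with absolute paths, or read
 * /sys/class/net/<if>/address directly, and avoid the temp file. */
int GetMacAddress(char *MacAddress)
{
  FILE *fp = NULL;
  char line[LINELENGTH];
  char *address = NULL;
  int rc = 1;   /* pessimistic: 1 = failure, 0 = success */

  if (-1 == system("/sbin/ifconfig |grep --binary-files=text HWaddr >macAddress"))
  {
    printf("SYSTEM_ERROR_GET_MAC_ADDRESS_FAILURE\n");
    return 1;   /* the shell never ran: nothing to clean up */
  }

  fp = fopen("macAddress", "r");
  if (NULL == fp)
  {
    printf("Error reading macAddress file\n");
    goto cleanup;
  }

  if (NULL == fgets(line, sizeof(line), fp))
  {
    printf("Error reading line from file - mac adddr\n");
    goto cleanup;
  }

  address = strchr(line, SEPERATOR);
  if (NULL == address)
  {
    printf("Error in line format\n");
    goto cleanup;
  }

  copy_after_separator(MacAddress, MAC_ADDRESS_LENGTH, address);
  rc = 0;

cleanup:
  if (fp != NULL)
  {
    fclose(fp);
  }
  /* Always remove the scratch file, including the error paths the
   * original skipped it on. A failed remove still fails the call. */
  if (-1 == remove("macAddress"))
  {
    printf("Error removing file\n");
    rc = 1;
  }
  return rc;
}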


Explanation in pdf. SanchezRicardo_40183863_Lab1