Question

"The following is a flawed login program in C. Identify the flaw and explain how to fix it."

7- (12 points) The following is a flawed login program in C.

void login() {
    char password[100];
    read(0, password, 100);  // read password from keyboard
    if (verify(password) == false)
        exit(1);  // error, and exit login
    // password is valid and continue
}

bool verify(char* p) {
    char pwd[8] = "secret!";  // unknown to attacker
    char buf[8];
    strcpy(buf, p);
    for (int i=0; pwd[i] != '\0'; i++)
        if (buf[i] != pwd[i]) return false;  // verify the password
    return true;
}

Explanation / Answer

The problem is solved and I am giving you the modified code below. The problem is in reading data from the keyboard in the read() system call, so I replaced it with fgets(), but the problem with fgets() is that it does not remove the newline character, so I have written the following statement to get rid of the newline character:

password[strlen(password)-1]='\0';

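#include <stdio.h>
#include <string.h>
#include <stdbool.h>

bool verify(char[]);

void login()
{
    char password[100];
    // fgets() NUL-terminates what it reads; stop if nothing could be read
    if (fgets(password, 100, stdin) == NULL)
        return;
    password[strlen(password)-1] = '\0';  // drop the trailing newline
    if (verify(password) == false)
        printf("invalid");
    else
        printf("valid");
}

bool verify(char *p)
{
    char pwd[] = "secret!";
    char buf[8];
    // strcpy() does no bounds checking: reject input that does not fit in buf
    if (strlen(p) >= sizeof(buf))
        return false;
    strcpy(buf, p);
    for (int i = 0; pwd[i] != '\0'; ++i)
    {
        if (buf[i] != pwd[i])
            return false;
    }
    return true;
}

int main() {
    login();
}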
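
Added example, not part of the original question or answer: in the question's verify(), strcpy() copies up to 100 bytes of input into the 8-byte buf, and read() neither NUL-terminates the input nor has its return value checked. The sketch below compares in place with an explicit length instead of copying; the names ct_equal, verify_fixed, input_length and login_ok are hypothetical, and the constant-time comparison goes beyond what the question asks.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PWD "secret!"                        /* value from the question */

/* Constant-time comparison: no early exit that leaks the matching prefix length. */
static bool ct_equal(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)a[i] ^ (unsigned char)b[i];
    return diff == 0;
}

/* Compares in place (no copy into a fixed buffer); p need not be NUL-terminated. */
bool verify_fixed(const char *p, size_t len)
{
    const size_t want = sizeof(PWD) - 1;     /* 7, excludes the NUL */
    if (len != want)                         /* too long or too short: reject */
        return false;
    return ct_equal(p, PWD, want);
}

/* Validates the return value of read(0, buf, cap) and strips a trailing newline. */
bool input_length(const char *buf, long nread, size_t cap, size_t *len)
{
    if (nread <= 0 || (size_t)nread > cap)   /* error, EOF, or impossible count */
        return false;
    size_t n = (size_t)nread;
    if (buf[n - 1] == '\n')                  /* drop the keyboard newline */
        n--;
    *len = n;
    return true;
}

/* Hypothetical wrapper: raw/nread stand in for what read() delivered. */
bool login_ok(const char *raw, long nread, size_t cap)
{
    size_t len;
    return input_length(raw, nread, cap, &len) && verify_fixed(raw, len);
}

int main(void)
{
    /* constructed inputs: a correct password and an over-long one */
    printf("%d %d\n", login_ok("secret!\n", 8, 100), login_ok("secret!AAAAAAAA\n", 16, 100));
    return 0;
}
```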