\"The following is a flawed login program in C. Identify the error and how to fi

Question

"The following is a flawed login program in C. Identify the error and how to fix it."

7- (12 points) The following is a flawed login program in C. void login0f char password[ 100]; read(0, password, 100); /read password from keyboard if (verify(password) == false) exit(1); // error, and exit login // password is valid and continue bool verify(char* p) ( char pwd[8] = "secret!". // unknown to attacker char buf[8]; strcpy(buf, p) for (int 1-0; pwd[i] != ''; i++) if (buf[i] != pwd i]) return false; // verify the password return true

Explanation / Answer

-----------------------------------------------------.c--------------------------------------

#include<stdio.h>

#include<string.h>

#include <stdbool.h>

/*

uncomment if strlen does not work

int strlen(char *str){

int i=0;

for(i=0; str[i] != ''; i++){

i++;

}

return i;

}

*/

bool verify(char * p){

// change the secret password

char pwd[8] ="secret!";

int len1 = strlen(pwd);

int len2 = strlen(p);

if(len1 == len2){ // first check the length of both the strings

// compare the password only when the both the lengths are equal

int i=0;

for(i=0; pwd[i] !='' ; i++)

if(p[i] != pwd[i]) return false;

return true;

}

else return false;

}

void login(){

char password[100];

scanf("%s",password);

if(verify(password) == false){

printf("wrong password ");

exit(1);

//return;

}else

printf("login succesfully");

}

int main(){

login();

}

--------------------------------------------ends----------------------------------------------

Related Questions

Navigate

• Browse (All)
• Browse #
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.