Question
Look at the following code snippet. You may assume that the escape() argument is always non-null and points to a '\0'-terminated string. What's wrong with this code (from a security point of view)?
#include <string.h>

/* Escapes all newlines in the input string, replacing them with "\n". */
/* Requires: p != NULL; p is a valid '\0'-terminated string */
void escape(char *p)
{
    while (*p != '\0')
        switch (*p) {
        case '\n':
            memcpy(p+2, p+1, strlen(p));
            *p++ = '\\';
            *p++ = 'n';
            break;
        default:
            p++;
        }
}
Can you also explain what is happening in the code?
Explanation / Answer
When overlapping memory regions are involved, undefined behaviour is observed due to memcpy().
The main thing wrong with the code is a BUFFER OVERRUN.
The end of the input buffer will be written past if a newline character is encountered in the input string; the string size might get doubled
in the worst-case scenario.
For example, if a buffer on the stack is allocated which is big enough to hold the string and is then passed to escape(),
this may result in a stack-smashing attack.
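As an added example that is not part of the question or of the answer above: the same escaping written in C so that it cannot overrun. The names escaped_size() and escape_safe() are chosen here and do not come from the original snippet, and the sample buffers are constructed for the demonstration. The caller passes the total size of the buffer, the function computes the space the escaped string needs before it writes anything (each newline becomes two bytes, so a string of n newlines needs 2n+1 bytes, the worst-case doubling mentioned in the answer), and the overlapping shift uses memmove(), which is defined for overlapping regions, instead of memcpy().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size in bytes, including the terminating '\0', that the escaped form of s
 * needs: each '\n' expands to the two characters '\\' 'n', every other byte
 * stays one byte.  A string of n newlines therefore needs 2n + 1 bytes. */
size_t escaped_size(const char *s)
{
    size_t need = 1;                 /* room for the terminator */
    for (; *s != '\0'; s++)
        need += (*s == '\n') ? 2 : 1;
    return need;
}

/* Hardened in-place escape (hypothetical name, not from the question).
 * cap is the total size of the buffer p points into.  The result is checked
 * to fit BEFORE the buffer is touched, and memmove() is used because the
 * source and destination of the shift overlap.
 * Returns 1 on success, 0 (buffer left unchanged) if the result would not fit. */
int escape_safe(char *p, size_t cap)
{
    if (escaped_size(p) > cap)
        return 0;
    while (*p != '\0') {
        if (*p == '\n') {
            /* The tail after the newline, plus its '\0', is strlen(p) bytes
             * starting at p + 1; shift it right by one to make room. */
            memmove(p + 2, p + 1, strlen(p));
            *p++ = '\\';
            *p++ = 'n';
        } else {
            p++;
        }
    }
    return 1;
}

/* Constructed sample: "a\nb" in a buffer that has spare room.
 * Returns 1 if it escapes to the 4-character string a\nb. */
int demo_basic(void)
{
    char buf[8] = "a\nb";
    return escape_safe(buf, sizeof buf) == 1 && strcmp(buf, "a\\nb") == 0;
}

/* Constructed worst case: eight newlines.  escape() from the question would
 * write 17 bytes into a 16-byte buffer; escape_safe() refuses that and leaves
 * the buffer intact, but accepts the same input in a 17-byte buffer.
 * Returns 1 if both behave as described. */
int demo_worst_case(void)
{
    char small[16], big[17];
    memset(small, '\n', 8);
    small[8] = '\0';
    memcpy(big, small, 9);

    if (escape_safe(small, sizeof small) != 0)       /* must be rejected */
        return 0;
    if (strcmp(small, "\n\n\n\n\n\n\n\n") != 0)      /* and left untouched */
        return 0;
    if (escape_safe(big, sizeof big) != 1)           /* must succeed */
        return 0;
    return strcmp(big, "\\n\\n\\n\\n\\n\\n\\n\\n") == 0;
}

int main(void)
{
    printf("escaped_size(\"a\\nb\") = %zu\n", escaped_size("a\nb"));
    printf("basic demo: %s\n", demo_basic() ? "ok" : "FAILED");
    printf("worst-case demo: %s\n", demo_worst_case() ? "ok" : "FAILED");
    return 0;
}
```

The size check is the important part: once the caller is forced to state how large the buffer is, the "string might double" case turns from a silent overwrite of whatever lies past the buffer into a refused call the caller can handle.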