Q38: Security concern in program

Posted on by bytesoftheday

Question #38: What is the security concern in the following program?

#define BUFFER_SIZE 256

int main( int argc, char * argv[ ] )

{

    char buffer[ BUFFER_SIZE ];

    if( argc < 2 )

        return -1;

    else {

        strcpy( buffer, argv[ 1 ] );

        return 0;

    }

}

 

Options:

  1. If 256 bytes are not available on the stack, it might result in allocating NULL pointer to buffer. And then, since we are copying data onto buffer, it would result in segmentation fault.
  2. If argv[1] exceeds 256 characters, then strcpy() will overflow the buffer, potentially overwriting the return address in the stack.
  3. If number of arguments passed are more than 3, it will cause a security breach
  4. Both 1 and 2.

 

Solution:

If memory is not available in stack, it will actually throw “Stack overflow” error, and won’t allow to proceed. Hence, the correct answer is option 2.