Identify the line in the source code that might lead to buffer overflow?

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is excessive number of functions in the source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the line in the source code that might lead to buffer overflow?

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is excessive number of functions in the source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the line in the source code that might lead to buffer overflow?

A.
9A.9

B.
17B.17

C.
20C.20

D.
32D.32

E.
35E.35



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Dick Steele

Dick Steele

The answer is wrong. Any sane person looking at the code will see that the line 17 (fgets) does check for boundaries. The actual answer is C, i.e. it’s the stripnl function that is at fault here because it doesn’t check for boundaries. Hence, if you input >=40 chars into the buffer via fgets, there will be no newline and no character, and the while loop will go out of bounds and possibly crash the program.

Dick Steele

Dick Steele

no NULL character*