Question

The following functions have zero or more security issues given the way they are called in the main() function. Identify these security issues and propose a compliant fix. You don’t need to consider the issues in the main() function.

1. setValue sets the element at index in arr to value.

    void setValue(int *arr, int len, int value, int index) {
        arr[index] = value;
    }

    int main(void) {
        int arr[10];
        int value;
        int index;
        printf("Enter the value:\n");
        scanf("%d", &value);
        printf("Enter the position:\n");
        scanf("%d", &index);
        setValue(arr, 10, value, index);
        return 0;
    }

2. createArray creates an int array of size len. It then initializes each element in the array with value.

    int *createArray(int len, int value) {
        int *arr = (int *)malloc(sizeof(int) * len);
        memset(arr, value, sizeof(int) * len);
        return arr;
    }

    int main(void) {
        int value;
        int len;
        printf("Enter the value:\n");
        scanf("%d", &value);
        printf("Enter the length:\n");
        scanf("%d", &len);
        int *arr = createArray(len, value);
        if (arr != NULL) {
            if (len > 0) {
                printf("The first element is %d\n", arr[0]);
            }
            free(arr);
        }
        return 0;
    }

3. writeToFile asks the user to input a string and then writes the entered string to “out.txt”.

    void writeToFile() {
        char buffer[20];
        printf("Enter the content:\n");
        scanf("%s", buffer);
        FILE *f = fopen("out.txt", "w");
        fputs(buffer, f);
        fclose(f);
    }

    int main(void) {
        writeToFile();
        return 0;
    }

4. sum returns the sum of two integers.

    long long sum(int a, int b) {
        return a + b;
    }

    int main(void) {
        int a = 0;
        int b = 0;
        printf("Enter a:\n");
        scanf("%d", &a);
        printf("Enter b:\n");
        scanf("%d", &b);
        printf("sum of a and b is %ld\n", sum(a, b));
        return 0;
    }

5. swap swaps the integer value stored in a and b.

    void swap(int *a, int *b) {
        *a += *b;
        *b = *a - *b;
        *a = *a - *b;
    }

    int main(void) {
        int a = 0;
        int b = 0;
        printf("Enter a:\n");
        scanf("%d", &a);
        printf("Enter b:\n");
        scanf("%d", &b);
        swap(&a, &b);
        printf("a is %d, b is %d\n", a, b);
        return 0;
    }

Solutions

Expert Solution

1)

    void setValue(int *arr, const int len, const int value, const int index) {
        if (index < len)
        {
            arr[index] = value;
        }
    }

setValue here sets a given value at the index. The security issue here is that whenever index is greater than the length of the array, it can cause the system to crash. To avoid it we can add a check. Also, adding the const qualifier to the arguments ensures that these are not modified inside the function.

2)

    int *createArray(const int len, int value) {
        int *arr = NULL;
        // We can check whether len is greater than 0
        if (len > 0)
        {
            arr = (int *)malloc(sizeof(int) * len);
            memset(arr, value, sizeof(int) * len);
        }
        return arr;
    }

3)

    void writeToFile() {
        char buffer[20];
        printf("Enter the content:\n");
        // We can use scanf_s instead of scanf as it is more secure and prevents buffer overflow
        scanf("%s", buffer);
        FILE *f = fopen("out.txt", "w");
        fputs(buffer, f);
        fclose(f);
    }

4)

    // We can add const to the parameters to prevent them from changing
    long long sum(const int a, const int b) {
        return a + b;
    }

5)

    // We can add a null check before dereferencing the pointers a and b
    void swap(int *a, int *b) {
        if (a == NULL || b == NULL)
            return;
        *a += *b;
        *b = *a - *b;
        *a = *a - *b;
    }
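
A hardened version of all five functions, added here as an example and not part of the original question or the expert solution. It covers negative indexes, allocation failure, memset's byte-wise fill, a bounded read with a checked fopen, and signed overflow in sum and swap; the bool return values and the in/path parameters of writeToFile are assumptions introduced so the functions can report failure and be tested.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1. Reject NULL, negative and too-large indexes (scanf("%d") can yield any int). */
bool setValue(int *arr, int len, int value, int index) {
    if (arr == NULL || index < 0 || index >= len) return false;
    arr[index] = value;
    return true;
}

/* 2. Validate len, let calloc check len * sizeof(int) for overflow, and
 *    assign elements in a loop: memset would only copy the low byte of value. */
int *createArray(int len, int value) {
    if (len <= 0) return NULL;
    int *arr = calloc((size_t)len, sizeof *arr);
    if (arr == NULL) return NULL;
    for (int i = 0; i < len; i++) arr[i] = value;
    return arr;
}

/* 3. Bounded read (fgets never writes past size bytes) and checked fopen.
 *    The in/path parameters are added here so the function can be tested. */
bool writeToFile(FILE *in, const char *path) {
    char buffer[20];
    if (fgets(buffer, sizeof buffer, in) == NULL) return false;
    buffer[strcspn(buffer, "\n")] = '\0';
    FILE *f = fopen(path, "w");
    if (f == NULL) return false;
    bool ok = fputs(buffer, f) != EOF;
    return (fclose(f) == 0) && ok;
}

/* 4. Widen before adding so the addition is done in long long, not int. */
long long sum(int a, int b) {
    return (long long)a + b;
}

/* 5. Swap through a temporary: no signed overflow, and safe when a == b. */
void swap(int *a, int *b) {
    if (a == NULL || b == NULL) return;
    int tmp = *a;
    *a = *b;
    *b = tmp;
}
```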

