Question

Describe in detail any security problems that might exist in the following code and how you might fix it. It has several problems:

char* src = malloc(18);

char* domain = “www.dogsarecool.nl”;

strncpy(src, domain, sizeof(domain))

Answer 1

`Hey,

Note: Brother if you have any queries related the answer please do comment. I would be very happy to resolve all your queries.

When we declare a string in C, the last character is reserved for '\0' which is also known as the NULL character. It marks the end of the string.

So, if the length of char * array is n , then we can store up to ( n - 1 ) characters only as the last character is reserved for '\0'.

But in the above program, the size of src is of 18. So, upto 17 characters can be stored in the string src.

Now, the length of domain is 18 . Now, in the next statement we are copying all the characters of domain to src.

So, the function tries to copy 18 characters into the array src. So, it will overwrite the character '\0' and there will be no termination of the string. So, if we try o access the string, it will also consider the memory locations after the string as a part of the string which is a fatal error.

Kindly revert for any queries

Thanks.