Quiz For C Programmers.ppt

Quiz: For C Programmers Author: Jedidiah R. Crandall, crandaj@ This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program:Grant No. 0113627 Distributed July 2002 Embry-Riddle Aeronautical University ? Prescott, Arizona ? USA 1. If you declare an array as A[100] in C and you try to write data to A[555], what will happen? Nothing The C compiler will give you an error and won’t compile There will always be a runtime error Whatever is at A[555] will be overwritten 2. Which kinds of operations are most likely to lead to buffer overflows in C? Floating point addition Indexing of arrays Dereferencing a pointer Pointer arithmetic 3. Where can an attacker who is trying to “smash the stack” put their attack code if the buffer to be overflowed is on the stack? On the stack before the return pointer On the stack after the return pointer In the stack frame of another function On the heap In a global variable 4. What can be overwritten by a buffer overflow that causes a security problem. Security-sensitive data A return pointer Any kind of pointer Anything that will make the program crash 5. What is likely to happen if you find a buffer overflow during testing by entering a random, long string for a C program? The program gives you a “Buffer overflow at line X” error Data is corrupted The program crashes The C fairy sprinkles magic memory dust on the memory that was overwritten and makes everything okay again. 6. Which of these kinds of inputs can cause a buffer overflow. An environment variable String input from the user A single integer A floating point number File input 7. Which of these processes is likely to catch a buffer overflow? Compilation Code inspection Testing by a software developer Testing (or using) by a customer Testing (or probing) by an attacker 8. Which of these library functions are safe as long as you tell it the correct buffer size? sprintf() strcpy() fscanf() gets() memcpy() 9. Whic