Fixing C code with Vulnerabilities
In this homework, you will modify an existing C code application that violates several C code rules and recommendations. Your task is to locate the issues, based on the readings for this course, identify the rule(s) or recommendation(s) being violated and then fix the code. You will discuss each issue in terms of why the issue may cause a security vulnerability, and how you specifically fixed the issue.
Review and Understand the Sample C application.
The current code, developed by a junior developer, has several issues and is not functioning as expected. The desired functionality of the program is to allow a user to select from several choices on a menu. After the user selects the “Exit” option from the menu, the program will populate a password with ‘1’s and then display the value of the password. The program also captures a character so the screen can stay paused for review before exiting. Below are screen shots for a successful program execution.
Unfortunately, not only are there security issues, the code you were provided doesn’t work as expected.
For the first part of this exercise, demonstrate that your C developer environment is working properly. You can do this by running any of the sample C code applications.
Modify the C code in this example to make the desired functionality work properly. Demonstrate the code works properly through screen captures and describing what changes were made to fix the functionality issues.
Carefully review the code and perform analysis as needed. Consider the following rules and recommendations and hints for items that you might want to review. Note that some rules and recommendations listed below may not be found as issues in the code.
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator.
MSC24-C. Do not use deprecated or obsolescent functions.
FIO34-C. Distinguish between characters read from a file and EOF or WEOF.
MSC17-C. Finish every set of statements associated with a case label with a break statement.
MSC33-C. Do not pass invalid data to the asctime() function.
DCL20-C. Explicitly specify void when a function accepts no arguments.
MEM30-C. Do not access freed memory.
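Compliant forms of five of the rules above, as an added example that is not the assignment's sample application (its source is not reproduced here). The function names, the menu keys '1' and 'q', the labels and PASSWORD_LEN are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PASSWORD_LEN 8 /* constructed length; the assignment gives none */
/* STR31-C: room for the characters plus the terminator. DCL20-C: (void). */
char *make_password(void)
{
    char *pw = malloc(PASSWORD_LEN + 1);
    if (pw == NULL)
        return NULL;
    memset(pw, '1', PASSWORD_LEN);
    pw[PASSWORD_LEN] = '\0';
    return pw;
}

/* FIO34-C: keep fgetc() in an int so EOF differs from every character. */
int read_choice(FILE *in)
{
    int first = fgetc(in);
    for (int c = first; c != EOF && c != '\n'; c = fgetc(in))
        ; /* discard the rest of the line */
    return first;
}

/* MSC17-C: every case ends in break, so none falls into the next. */
const char *describe_choice(int choice)
{
    const char *label;
    switch (choice) {
    case '1': label = "first item"; break;
    case 'q': label = "exit"; break;
    default:  label = "invalid"; break;
    }
    return label;
}

int main(void)
{
    int choice;
    do {
        choice = read_choice(stdin);
        puts(describe_choice(choice));
    } while (choice != 'q' && choice != EOF);
    char *pw = make_password();
    if (pw != NULL)
        puts(pw);
    free(pw); /* MEM30-C: pw is not read after free() */
    return 0;
}
```
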
You can use any C compiler you have access to including:
1. Windows C++ Express or Visual Studio
2. Mac X-Code C
3. Linux gcc
4. VM player with gcc (e.g. SDEV 300 Virtual machine)
Be sure you have a C environment where you can compile. Also review those code tutorial links provided in the classroom. Post a note, or contact your professor if you are having significant difficulties compiling a C program.
Once you have your environment working, have reviewed and analyzed the code, and have determined the rules and recommendations that are violated, you should fix the code. Be sure to document each issue by aligning it with the rule or recommendation and explaining exactly how you fixed the issue.
a. Make sure your C coding environment is working first. Those C tutorials will help you to test your environment.
b. Be very careful with the pointers and memory limits of the arrays. Most modern compilers attempt to protect your system resources, but you could potentially produce access violations that could lock your system up. Take your time and review the memory bounds for all of your arrays before you start making code changes.
c. Start on this early. This will take you longer than you think.
Provide your fixed C source code along with a PDF document describing how you addressed each issue. For example, you should list the CERT C rule or recommendation for each issue and show and describe the code that addresses the issue. You should also provide screen shots and descriptions of the successful execution of the code.
Be sure your PDF document is neat, well-organized and is well-written with minimal spelling and grammar errors. All references used should be included in your document.