From: Mart Lubbers Date: Mon, 23 Jan 2017 18:07:04 +0000 (+0100) Subject: update, add mock exam solution X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=678e03f889d1691287b127ffe1de94d5f16e38cb;p=ss1617.git update, add mock exam solution --- diff --git a/jml_esc/AmountMartLubbers.java b/jml_esc/AmountMartLubbers.java index 2591183..b717439 100644 --- a/jml_esc/AmountMartLubbers.java +++ b/jml_esc/AmountMartLubbers.java @@ -1,4 +1,4 @@ - +//Mart Lubbers s4109503 /* ESC/Java2 exercise Objects of this class represent euro amounts. For example, an Amount diff --git a/jml_esc/BagMartLubbers.java b/jml_esc/BagMartLubbers.java index 517ffcb..5f9ba14 100644 --- a/jml_esc/BagMartLubbers.java +++ b/jml_esc/BagMartLubbers.java @@ -1,4 +1,4 @@ - +//Mart Lubbers s4109503 /* ESC/Java2 Exercise: This class implements a Bag of integers, using an array. diff --git a/mock/mock.txt b/mock/mock.txt new file mode 100644 index 0000000..aec9cf9 --- /dev/null +++ b/mock/mock.txt @@ -0,0 +1,64 @@ +1a. + malloc might fail and thus return NULL. + strncpy is used with a length off by one thus not copying the null byte. + src is too small to fit domain. + + To fix this change the code to: + char *src = malloc(10); + if(src == NULL){ + perror("malloc"); + exit(EXIT_FAILURE); + } + char *domain = "www.ru.nl"; + strncpy(src, domain, 10); +1b. + Probably, this all happens in the same scope and the same control flow and + therefore via static analysis you can catch these simple errors. +1c. + Yes, a return to libc attack overwrites the return address of a function + with the pointer to some libc function. Therefore when overflowing often + the stack canary is destroyed and then the program can act upon by refusing + to continue execution for example. +1d. + With annotations for sure. An off-by-one error is made in the initialize + function. When buf is annotated with the fact that it must be at of length + len PREfast will complain that at some point buf[len] will be written. + + If the code is not annotated with SAL it will probably not detect the error + since complex inference is often difficult. +2. + The first type of memory safety is the fact that you can never write/read + in memory you are not supposed to write/read in. + + The second type of memory safety is the fact that there is no such thing as + uninitialized memory. You can never read memory that has not been + initialized. +3a. + In a normal SQL injection you try to input user information that modifies + not only the value but the query itself. + + A blind SQL injection does not modify the query enough to make a difference + but the information is gathered via side effects such as the type of the + respons and the lack of response. By trying to generate errors or long + query times you can get to know things about the server or application. +3b. + TOCTOU is misusing the non-atomicity of operations. Often you first ask + whether you may do something and then do it. In between these moments a + clever attacker can change things. For example a setuid wants to write a + file such as /etc/passwd. First it checks whether the file is a regular + file and not a symlink. After checking it will write. However, a different + thread can try to change /etc/passwd to a symlink in the meantime thus + misleading the program. +3c. + Whitelisting means only allowing a subset of inputs. Blacklisting means + disallowing a subset of inputs. Whitelisting is safer but often more work + since the set of inputs may be very large. Blacklisting is more difficult + because it is very difficult to know the exact set of disallowed patterns. +4a. + Deserializing an object means that you bypass all checks on the object and + possibly you can violate constraints that would be made when you would use + the regular object creation techniques. +4b. + If the program writes the object to a file and then reads it back in the + attacker can inspect the serialized object and change things before it is + read back.