STEP 1: Type, compile and run the program below.

```java
import java.util.*;

public class Overflow {
    static final int INPUT_SIZE = 10;

    public static void main(String[] args) {
        // Fixed-size buffer: its length does not depend on the input read below.
        char[] vals = new char[INPUT_SIZE];
        Scanner scan = new Scanner(System.in);
        String s1 = getString(scan);
        copyVals(s1, vals);
        String sub = getSubstring(scan, vals);
        System.out.println("sub string: " + sub);
    }

    public static String getString(Scanner scan) {
        System.out.print("Please type a string: ");
        String s = scan.nextLine();
        return s;
    }

    // Copies every character of s into vals.
    public static void copyVals(String s, char[] vals) {
        for (int i = 0; i < s.length(); i++) {
            vals[i] = s.charAt(i);
        }
    }

    // Reads a start and end index from the user and builds the substring.
    public static String getSubstring(Scanner scan, char[] vals) {
        System.out.print("Starting point: ");
        int start = scan.nextInt();
        System.out.print("Ending point: ");
        int end = scan.nextInt();
        char[] newChars = getChars(start, end, vals);
        return new String(newChars);
    }

    // Copies vals[start .. end-1] into a new array of length end - start.
    public static char[] getChars(int start, int end, char[] vals) {
        int sz = end - start;
        char[] result = new char[sz];
        for (int i = 0; i < sz; i++) {
            result[i] = vals[start + i];
        }
        return result;
    }
}
```

STEP 2: Complete the security checklist for this program.

Question 2: List the potential buffer overflow errors.

Question 3: Provide example inputs that might cause buffer overflow problems.

Question 4: What strategies might you use to remove potential buffer overflow vulnerabilities from this program?

HINT:
1) Revise copyVals to return an array.
2) Modify getChars.
3) Modify getSubstring.

STEP 3: Revise the program to eliminate potential buffer overflow problems. You should be able to do this without adding any exception handling code.

Security Checklist
Vulnerability: Buffer Overflow
Course: CS2
Task - Check each line of code

1. Finding Arrays
1.1 Click each array declaration.
1.2 For each array, click all subsequent references.

2. Index Variables - the legal range for an array of size n is 0 <= i < n
2.1 For each array access that uses a variable as an index, write the legal range next to it.
2.2 For each index marked in 2.1, click all occurrences of that variable.
2.3 Click any assignments, inputs or operations that may modify these index variables.
2.4 Click any array that is indexed by a highlighted index variable.

3. Loops that modify index variables
3.1 Find loops that modify variables used to index arrays. For any index that occurs as part of a loop conditional, click the loop limit. For example, if i < max is the conditional in a for loop, click max.
3.2 Write the legal range of the array index next to the loop limit as you did in step 2.1. Click on the loop if the loop limit could exceed the legal range of the array index. Watch out for loops that go until i <= max, as the largest valid index is max - 1.
3.3 If the upper or lower loop limit is a variable, it must be checked just as indices are checked in Step 2.

4. Sending array indices or loop limits into functions
4.1 Click any function arguments that are used to send array indices in.
4.2 Click any function arguments that are used to send loop limits in.
For each highlighted function argument:
4.3 Write the legal range next to each highlighted argument. Click any argument that is not verified to be within these limits.
4.4 Click any calls to the function. If the function does not verify that the arguments are within the required range, the code calling the function should do so.

Highlighted areas indicate vulnerabilities!
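One way to carry out STEP 3, following the three hints, is shown below. This is an added worked solution, not part of the original exercise; the class name OverflowFixed and the helper validRange are my own choices. Note the Java-specific caveat: an out-of-range index here does not silently corrupt memory as it would in C, it throws ArrayIndexOutOfBoundsException (or NegativeArraySizeException when end < start), so the consequence is a crash rather than code execution. The fix is still the same: establish the legal range 0 <= start <= end <= vals.length before any array is allocated or indexed, and check it both in the called function (checklist 4.3) and at the call site (checklist 4.4).

```java
import java.util.Scanner;

public class OverflowFixed {

    public static void main(String[] args) {
        Scanner scan = new Scanner(System.in);
        String s1 = getString(scan);
        // Hint 1: the array is now sized from the input, so the copy can never overrun it.
        char[] vals = copyVals(s1);
        String sub = getSubstring(scan, vals);
        System.out.println("sub string: " + sub);
    }

    public static String getString(Scanner scan) {
        System.out.print("Please type a string: ");
        return scan.nextLine();
    }

    // Returns a fresh array exactly s.length() long instead of filling a fixed buffer.
    // Loop limit vals.length equals the array size, so every index i is in [0, vals.length).
    public static char[] copyVals(String s) {
        char[] vals = new char[s.length()];
        for (int i = 0; i < vals.length; i++) {
            vals[i] = s.charAt(i);
        }
        return vals;
    }

    // Hint 3: the caller validates the indices before passing them on (checklist 4.4).
    public static String getSubstring(Scanner scan, char[] vals) {
        System.out.print("Starting point: ");
        int start = scan.nextInt();
        System.out.print("Ending point: ");
        int end = scan.nextInt();
        if (!validRange(start, end, vals.length)) {
            System.out.println("Indices must satisfy 0 <= start <= end <= " + vals.length);
            return "";
        }
        return new String(getChars(start, end, vals));
    }

    // Legal range for copying vals[start .. end-1] out of an array of size n:
    // 0 <= start <= end <= n. Then sz = end - start is never negative and
    // every index start + i with 0 <= i < sz lies in [0, n).
    public static boolean validRange(int start, int end, int n) {
        return start >= 0 && end >= start && end <= n;
    }

    // Hint 2: the function checks its own arguments rather than trusting the caller (checklist 4.3).
    public static char[] getChars(int start, int end, char[] vals) {
        if (!validRange(start, end, vals.length)) {
            return new char[0];
        }
        int sz = end - start;
        char[] result = new char[sz];
        for (int i = 0; i < sz; i++) {
            result[i] = vals[start + i];
        }
        return result;
    }
}
```

Inputs that break the original program and are handled here: a string longer than INPUT_SIZE (10) characters; a negative Starting point; an Ending point larger than the string length; and an Ending point smaller than the Starting point, which in the original makes sz negative. Sizing the array from the input was chosen over truncating to INPUT_SIZE because truncation silently discards data; either removes the overflow. Non-numeric input to nextInt() still raises InputMismatchException, but that is an input-format problem outside the index-bounds checklist, which is why the exercise says no exception handling is needed.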