Submitted by: HLPRS
Category: Science and Technology
Date Submitted: 11/15/2013 12:08 PM
Melissa Townsend
February 27, 2013
Secure Software Engineering
CSC453 Assignment 1
I have browsed through the collection of code examples in NIST’s SAMATE database to determine which vulnerable code I should choose. What do I mean by code being vulnerable? Vulnerable code is code that contains a section that is a bug or causes a glitch; in other words, a weakness that can allow an attacker to reduce a system’s information assurance.
I have chosen Test Case ID 72, a C++ program that deals with dynamic memory. This code asks the user how many numbers they would like to enter. The user then enters the set of numbers they like, and the program displays the set of numbers that the user has just entered. The problem with this code is that if a user enters a long number, an issue occurs. The program is able to run, but it will display a series of numbers that have not been entered by the user.
There were flaws discovered within this code. An error occurs when a number of more than 10 digits is entered. With char buffers, statically-sized arrays can be overflowed: perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. With atoi and atol (both return integers), unless checked, the resulting number can exceed the expected range. If the source is not trusted, check both the minimum and the maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended).
I have come to the conclusion that when cin.getline(input, 100); is executed and the input exceeds the actual length of the array, the part of the input beyond that length is stored at an illegal memory address. After compiling the code, it runs with no errors, and this is very dangerous. This error produces a software bug, making it easy for an attacker to misuse an application. If there are other procedures used in the...
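As an added example (written for this page; it is not the essay's own code and not the SAMATE Test Case 72 program, which is not reproduced here), the C++ program below carries out the flow the essay describes, asking for a count and then reading that many numbers, with the checks the essay's list calls for: a bounded read that notices when a line was longer than the buffer instead of silently continuing, strtol in place of atoi so that an out-of-range value is reported through ERANGE, and both a minimum and a maximum on the count before it is used as an allocation size. The buffer size of 100 matches the cin.getline(input, 100) call the essay quotes; MAX_COUNT, the function names and the sample inputs are assumptions of this example.

```cpp
// Added example: validated input for a "how many numbers?" program.
// Not the essay's code or the SAMATE test case; names and limits are assumed.
#include <cerrno>
#include <cstdlib>
#include <iostream>
#include <limits>
#include <sstream>   // lets callers feed canned input through std::istringstream
#include <string>
#include <vector>

// Assumed policy limit: the largest count we are willing to allocate for.
const long MAX_COUNT = 1000;

// Parse a whole line as a decimal long. Unlike atoi, strtol reports overflow
// (errno == ERANGE) and tells us where parsing stopped, so "12abc" is rejected.
bool parseLong(const char* text, long& out) {
    if (text == nullptr || *text == '\0') return false;
    errno = 0;
    char* end = nullptr;
    long value = std::strtol(text, &end, 10);
    if (errno == ERANGE) return false;   // magnitude does not fit in a long
    if (end == text) return false;       // no digits at all
    while (*end == ' ' || *end == '\t' || *end == '\r') ++end;  // allow trailing blanks
    if (*end != '\0') return false;      // trailing garbage after the number
    out = value;
    return true;
}

// A count is only accepted inside [1, MAX_COUNT]: the minimum rejects negative
// or zero values (a rolled-over "large" number shows up as negative), the
// maximum bounds the allocation that follows.
bool parseCount(const char* text, long& out) {
    long value = 0;
    if (!parseLong(text, value)) return false;
    if (value < 1 || value > MAX_COUNT) return false;
    out = value;
    return true;
}

// Read one line into a fixed buffer with getline, as the test case does, but
// detect the case the essay worries about: a line longer than the buffer.
// getline stops at size-1 characters and sets failbit; we discard the rest of
// the line so it is not consumed as the next input, and report failure.
bool readLineBounded(std::istream& in, char* buf, std::size_t size) {
    in.getline(buf, static_cast<std::streamsize>(size));
    if (in.fail()) {
        if (!in.eof()) {   // too long, not end of input
            in.clear();
            in.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
        }
        return false;
    }
    return true;
}

// The whole flow: read the count, validate it, then read exactly that many
// numbers, each parsed with the same overflow check. Returns false on any
// rejected line so the caller never works with partially trusted data.
bool collectNumbers(std::istream& in, std::vector<long>& out) {
    char line[100];
    long count = 0;
    if (!readLineBounded(in, line, sizeof line) || !parseCount(line, count)) return false;
    out.clear();
    out.reserve(static_cast<std::size_t>(count));
    for (long i = 0; i < count; ++i) {
        long value = 0;
        if (!readLineBounded(in, line, sizeof line) || !parseLong(line, value)) return false;
        out.push_back(value);
    }
    return true;
}

int main() {
    std::vector<long> numbers;
    std::cout << "How many numbers would you like to enter (1-" << MAX_COUNT << ")? ";
    if (!collectNumbers(std::cin, numbers)) {
        std::cerr << "Rejected: the count was out of range, a line was too long, "
                     "or a number could not be parsed.\n";
        return 1;
    }
    std::cout << "You entered:";
    for (long v : numbers) std::cout << ' ' << v;
    std::cout << '\n';
    return 0;
}
```

Feeding the program a count such as 99999999999 now produces a rejection message rather than an allocation of an unexpected size, and a line longer than 99 characters is reported instead of being split across two reads.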