Chapter 12: Buffer Overflows
1. Does a function in C automatically limit input larger than the memory buffer?
2. Will a null terminator prevent a buffer overflow?
3. What kinds of variables are stored in a stack?
4. What is a heap used for?
5. In running a buffer overflow exploit, does the hacker have to have a trusted relationship with the
target PC?
6. What character decodes to the string “¢”?
7. What does the error “A segmentation fault has occurred” mean?
8. How would a hacker go about defeating the client-side validation on a Web form?
Indicate whether the sentence or statement is true or false.
9. _______ Unix was written in Java and rewritten later in C, which caused lots of buffer overflow
problems.
10. _______ Bugs are typically fixed by programming the functions to perform an input validity
check.
11. _______ Stacks are where user variables are stored.
12. _______ Heaps are where elastic variables used by more than one function are stored.
13. _______ Stacks cannot be increased and decreased automatically.
14. _______ Heaps are incremented automatically and manually by using the commands malloc()
and brk().
15. _______ You can purge heaps and stacks by running “Disk Cleanup.”
16. _______ Validation performed on the client side decreases server processing speed.
The following functions are unsafe and subject to buffer overflows. Match them to the list of safe
functions below.
a. strcpy()
b. gets()
c. sprintf()
d. strcat()
17. _______ fgets()
18. _______ strncpy()
19. _______ strncat()
20. _______ snprintf()