I’ve been doing some code analysis exercises and came across an interesting case. The exercise presents some C code with a function and asks what type of attack this code is vulnerable to. I couldn’t identify anything beyond the gets function (which can be exploited for buffer overflow attacks). Is there any other piece of code that contains some vulnerability?

    #include <stdio.h>

    int crack_code()
    {
        char code[10];
        int val=999, i;
        printf("Enter code: ");
        gets(code);
        for (i=0; i<10; i+=2)
        {
            val = (val & code[i]) | code[i+1];
            val &= val >> code[i];
        }
        if (val == 101)
        {
            return 0;
        } else
        {
            return 1;
        }
    }

    void main()
    {
        if (crack_code())
        {
            printf("Crack the secret code!\n");
        }
        else {
            printf("Now you know the secret!\n");
        }
    }

Thank you so much to anyone who can contribute!
At first you are using the function gets for reading a string assuming it has up to 9 characters, but if you enter a 50 character string the function will accept it and simply destroy the memory content that exists after the char code[10];. – anonimo
Basically it’s just the gets() itself. Then there are consequences because of the use of it. – Maniero
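
A bounded replacement for the gets(code) call discussed in the comments above, as an added example that is not part of the original question or comments; read_code, try_input and CODE_SIZE are names assumed here. It accepts at most 9 characters for a 10-byte buffer and rejects longer lines instead of writing past the end of code[10].

```c
#include <stdio.h>
#include <string.h>

#define CODE_SIZE 10   /* same size as code[] in the exercise */

/* Bounded replacement for gets(code): stores at most size-1 characters
 * plus the terminating NUL. Returns 0 on success, -1 on EOF/error or when
 * the line is too long (the rest of that line is discarded). */
int read_code(FILE *in, char *buf, size_t size)
{
    memset(buf, 0, size);           /* bytes after a short input are defined */
    if (fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {         /* the whole line fit, newline included */
        buf[len] = '\0';
        return 0;
    }
    /* No newline stored: input ended, or more characters are pending. */
    int c = fgetc(in);
    if (c == '\n' || c == EOF)
        return 0;                   /* exactly size-1 characters were typed */
    while (c != '\n' && c != EOF)   /* drop the oversized remainder */
        c = fgetc(in);
    memset(buf, 0, size);           /* do not keep a truncated code */
    return -1;
}

/* Helper assumed for this example: feeds a constructed line through a
 * temporary stream so the reader can be exercised without a terminal. */
int try_input(const char *line)
{
    char code[CODE_SIZE];
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    fputs(line, f);
    rewind(f);
    int rc = read_code(f, code, sizeof code);
    fclose(f);
    return rc;
}

int main(void)
{
    /* Constructed inputs: a 9-character code and a 50-character line. */
    printf("9 chars : %d\n", try_input("123456789\n"));
    printf("50 chars: %d\n", try_input("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"));
    return 0;
}
```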