nerdexam
EC-Council

312-50V10 · Question #328

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What

The correct answer is D. if (billingAddress <= 50) {update field} else exit. Preventing a buffer overflow on a fixed-length field requires validating that input length does not exceed the defined maximum before processing.

Hacking Web Applications

Question

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

Options

  • Aif (billingAddress = 50) {update field} else exit
  • Bif (billingAddress != 50) {update field} else exit
  • Cif (billingAddress >= 50) {update field} else exit
  • Dif (billingAddress <= 50) {update field} else exit

How the community answered

(36 responses)
  • A
    14% (5)
  • B
    3% (1)
  • C
    6% (2)
  • D
    78% (28)

Why each option

Preventing a buffer overflow on a fixed-length field requires validating that input length does not exceed the defined maximum before processing.

Aif (billingAddress = 50) {update field} else exit

Using a single `=` performs assignment rather than comparison in most languages, and even if treated as equality, it only accepts exactly 50 characters - rejecting all shorter valid inputs.

Bif (billingAddress != 50) {update field} else exit

`!= 50` allows any length that is not exactly 50, meaning inputs of 51 or more characters would be accepted and could overflow the buffer.

Cif (billingAddress >= 50) {update field} else exit

`>= 50` allows inputs of 50 or more characters, which permits data exceeding the buffer boundary rather than blocking it.

Dif (billingAddress <= 50) {update field} else exitCorrect

The condition `billingAddress <= 50` correctly gates the update on the input being at or below the 50-character field limit, blocking any input that would overflow the buffer. This is the standard input-length boundary check: allow if within bounds, exit otherwise. It covers all valid cases (1 through 50 characters) while rejecting overflow-inducing input.

Concept tested: Input length validation to prevent buffer overflow

Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow

Topics

#buffer overflow#input validation#secure coding#boundary checking

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice