312-50V10 · Question #328
A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What
The correct answer is D. if (billingAddress <= 50) {update field} else exit. Preventing a buffer overflow on a fixed-length field requires validating that input length does not exceed the defined maximum before processing.
Question
A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?
Options
- Aif (billingAddress = 50) {update field} else exit
- Bif (billingAddress != 50) {update field} else exit
- Cif (billingAddress >= 50) {update field} else exit
- Dif (billingAddress <= 50) {update field} else exit
How the community answered
(36 responses)- A14% (5)
- B3% (1)
- C6% (2)
- D78% (28)
Why each option
Preventing a buffer overflow on a fixed-length field requires validating that input length does not exceed the defined maximum before processing.
Using a single `=` performs assignment rather than comparison in most languages, and even if treated as equality, it only accepts exactly 50 characters - rejecting all shorter valid inputs.
`!= 50` allows any length that is not exactly 50, meaning inputs of 51 or more characters would be accepted and could overflow the buffer.
`>= 50` allows inputs of 50 or more characters, which permits data exceeding the buffer boundary rather than blocking it.
The condition `billingAddress <= 50` correctly gates the update on the input being at or below the 50-character field limit, blocking any input that would overflow the buffer. This is the standard input-length boundary check: allow if within bounds, exit otherwise. It covers all valid cases (1 through 50 characters) while rejecting overflow-inducing input.
Concept tested: Input length validation to prevent buffer overflow
Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
Topics
Community Discussion
No community discussion yet for this question.