EC-Council
312-50V9 · Question #102
312-50V9 Question #102: Real Exam Question with Answer & Explanation
The correct answer is D: if (billingAddress <= 50) {update field} else exit. Preventing buffer overflow on an input field requires validating that the input length does not exceed the allocated field size before processing.
Question
A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?
Options
- A. if (billingAddress = 50) {update field} else exit
- B. if (billingAddress != 50) {update field} else exit
- C. if (billingAddress >= 50) {update field} else exit
- D. if (billingAddress <= 50) {update field} else exit
Explanation
Preventing buffer overflow on an input field requires validating that the input length does not exceed the allocated field size before processing.
Common mistakes.
- A. Using a single equals sign is an assignment operation in most languages rather than a comparison, and even as a comparison it only permits input of exactly 50 characters, rejecting all valid shorter inputs.
- B. The not-equal condition (!= 50) accepts any length other than exactly 50, meaning it would allow arbitrarily long strings that overflow the buffer.
- C. The greater-than-or-equal condition (>= 50) allows input of 50 characters or more, which permits overflow for any input exceeding the 50-character field limit.
Concept tested. Input length validation to prevent buffer overflow
Reference. https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
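The pseudo code in option D, and the reason the three distractors fail, as an added C example (not part of the exam page or any vendor material). The struct layout, the field names and the sample addresses are assumptions made for the example; the only value taken from the question is the 50-character limit. One caveat the pseudo code glosses over: a C string of 50 characters needs a 51st byte for the terminating NUL, so the storage is sized BILLING_ADDRESS_MAX + 1 while the comparison stays exactly as option D states it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Field limit taken from the question. */
#define BILLING_ADDRESS_MAX 50

/* Record layout assumed for this example: 50 characters plus one byte for the
 * terminating NUL that C strings need. */
struct customer {
    char billing_address[BILLING_ADDRESS_MAX + 1];
};

/* Length of s, never scanning more than limit+1 bytes, so an oversized or
 * unterminated input cannot make the length check itself read out of bounds. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n <= limit && s[n] != '\0')
        n++;
    return n;
}

/* Option D as real code: update only when length <= 50, otherwise reject. */
bool update_billing_address(struct customer *c, const char *input)
{
    size_t len = bounded_len(input, BILLING_ADDRESS_MAX);
    if (len > BILLING_ADDRESS_MAX)
        return false;                       /* "else exit": field left untouched */
    memcpy(c->billing_address, input, len);
    c->billing_address[len] = '\0';
    return true;
}

/* The four answer options expressed as length predicates, so each distractor's
 * behaviour can be checked against concrete lengths. */
bool option_accepts(char option, size_t len)
{
    switch (option) {
    case 'A': return len == BILLING_ADDRESS_MAX;   /* only exactly 50 */
    case 'B': return len != BILLING_ADDRESS_MAX;   /* anything but 50, including huge */
    case 'C': return len >= BILLING_ADDRESS_MAX;   /* 50 or more: overflow for 51+ */
    case 'D': return len <= BILLING_ADDRESS_MAX;   /* correct: at most 50 */
    default:  return false;
    }
}

/* Constructed sample: a 51-character address must be rejected and leave the
 * previous value intact. Returns true if the guard behaved correctly. */
bool overlong_input_rejected(void)
{
    struct customer c;
    char overlong[BILLING_ADDRESS_MAX + 2];
    memset(overlong, 'x', BILLING_ADDRESS_MAX + 1);
    overlong[BILLING_ADDRESS_MAX + 1] = '\0';

    update_billing_address(&c, "1 Example Street");   /* constructed value */
    bool rejected = !update_billing_address(&c, overlong);
    return rejected && strcmp(c.billing_address, "1 Example Street") == 0;
}

int main(void)
{
    printf("overlong input rejected: %s\n", overlong_input_rejected() ? "yes" : "no");
    printf("option B accepts 200 chars: %s\n", option_accepts('B', 200) ? "yes" : "no");
    printf("option C accepts 200 chars: %s\n", option_accepts('C', 200) ? "yes" : "no");
    return 0;
}
```

Running the program shows the point of the explanation: only the <= predicate rejects the 51-character input while still accepting every shorter address, and the length is measured with a bounded scan so the check itself cannot be driven past the buffer by an unterminated input.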