nerdexam
GIAC

GCIH · Question #605

You cane across the following code snippet when investigating an incident that involved a business critical system. This code crashed right after the user passed the following input to this code: '%s%

The correct answer is B. This is a format-string attack that could have referenced a reserved address space or the memory. This is not a buffer overflow attack since there was no overflow involved in the allocated buffer space. This is a format-string attack that is caused either due to referencing of nonexistent address space or a reserved address space (that is reserved for kernel access) and there

Web Application Attacks & Post-Exploitation

Question

You cane across the following code snippet when investigating an incident that involved a business critical system. This code crashed right after the user passed the following input to this code:

'%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s'. What was the reason for the crash? #include <stdio.h> #include <conio.h> #include <string.h> #include <stdlib.h> void main() { char a[200]; scanf('%s', a); printf(a); }

Options

  • AThis is a buffer overflow attack that is caused by the stack address space being pushed to printf()
  • BThis is a format-string attack that could have referenced a reserved address space or the memory
  • CThe crash could have been due to mismatch in the address space that is being referenced in the

How the community answered

(42 responses)
  • A
    31% (13)
  • B
    55% (23)
  • C
    14% (6)

Explanation

This is not a buffer overflow attack since there was no overflow involved in the allocated buffer space. This is a format-string attack that is caused either due to referencing of nonexistent address space or a reserved address space (that is reserved for kernel access) and there was no overflow in the program.

Topics

#format string attack#memory corruption#printf vulnerability#C code analysis

Community Discussion

No community discussion yet for this question.

Full GCIH Practice