Computers and Technology, 21.09.2019 05:30, greg9207

Identify the security vulnerabilities in all of these code segments and, for each vulnerability, discuss at least one way that it could be improved.
a)
/* File leak */
int main(int argc, char *argv[]){
    char *filepath = argv[0];
    char *shellpath = argv[1];
    FILE *passwords;
    passwords = fopen(filepath, "r");
    /* read password and do something with it */
    /* . . */
    /* execute alternative shell */
    execl(shellpath, "shell", NULL);
}
b)
/*
Assume the following function is written for an electronic storefront.
The user will enter the id of the item to be ordered, as well
as the quantity of units that they would like to purchase.
The program will then look up the price for the
item using a predefined function, and return
the total cost of the order.
*/
int gettotalcost(){
    char itemid[9];
    int price, unitsordered, cost;
    printf(" enter the 9-digit id of desired item: ");
    scanf("%s", &itemid);
    /* look up price according to the itemid */
    price = getpricebyid(itemid);
    printf(" enter the quantity of units to be ordered: ");
    scanf("%d", &unitsordered);
    cost = price * unitsordered;
    return cost;
}
c)
/* The following is intended to return a user's full name
by concatenating the user's first and last name into a single string
and then returning that string. */
char *getfullname(char *firstname, char *lastname, int max_len){
    char fullname[max_len];
    strcpy(fullname, firstname);
    strcat(fullname, " ");
    strcat(fullname, lastname);
    return fullname;
}
d)
/* The following code snippet runs through the list of CLI arguments
entered and displays them to the console. */
int main(int argc, char *argv[]){
    int i;
    printf("you've entered the following arguments: ");
    for(i = 0; i < argc; i++){
        printf(argv[i]);
        printf("\n");
    }
    /* */
}
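
Hardened counterparts for segments (b) and (c), as an added example that is not part of the original question: fixed-size input is validated before it is copied, the multiplication is checked for overflow, and the name is written into a caller-owned buffer rather than returned from the stack. The function names, the 0/-1 return convention and the sample values are assumptions made here, and input is assumed to have already been read into a bounded, NUL-terminated line (for instance with fgets).

```c
/* Added example: all function names below are illustrative, not from the exercise. */
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#define ITEM_ID_DIGITS 9

/* (b) Accept an item ID only if it is exactly 9 decimal digits, copying it
 * into a buffer that has room for the terminating NUL (10 bytes, not 9). */
int parse_item_id(const char *input, char out[ITEM_ID_DIGITS + 1]) {
    if (strlen(input) != ITEM_ID_DIGITS) return -1;
    for (size_t i = 0; i < ITEM_ID_DIGITS; i++)
        if (!isdigit((unsigned char)input[i])) return -1;
    memcpy(out, input, ITEM_ID_DIGITS + 1);
    return 0;
}

/* (b) Reject negative or zero quantities and detect overflow before multiplying. */
int checked_total_cost(int price, int units, int *cost) {
    if (price < 0 || units <= 0) return -1;
    if (price != 0 && units > INT_MAX / price) return -1;
    *cost = price * units;
    return 0;
}

/* (c) Write into a caller-owned buffer instead of returning a pointer to a
 * local array, and treat truncation as an error. */
int get_full_name(char *out, size_t out_len,
                  const char *first, const char *last) {
    if (out == NULL || out_len == 0) return -1;
    int n = snprintf(out, out_len, "%s %s", first, last);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void) {
    char id[ITEM_ID_DIGITS + 1], name[32]; /* constructed sample values below */
    int cost;
    if (parse_item_id("123456789", id) == 0 &&
        checked_total_cost(250, 4, &cost) == 0)
        printf("item %s total %d\n", id, cost);
    if (get_full_name(name, sizeof name, "Ada", "Lovelace") == 0)
        printf("%s\n", name); /* (d) data is an argument, never the format string */
    return 0;
}
```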
