C Security Quiz (Short Version)

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Searchlab
S
Searchlab
Community Contributor
Quizzes Created: 4 | Total Attempts: 4,789
Questions: 5 | Attempts: 270

SettingsSettingsSettings
Cyber Security Quizzes & Trivia

Do you think you know enough about security issues in C code? Can you think with the mind of a hacker?

Test your knowledge with our interactive quiz! Check how much you know, share the results, and help your colleagues learn more about secure coding. Simply click on the "start" button. It's fun and easy - so don't wait!


Questions and Answers
  • 1. 

    This function is part of a program that is running on a 32-bit x86 system; the compiler does not change the order of variables on the stack. void function(char *input) {     int i = 1;     char buffer[8];     int j = 2;     strcpy(buffer,input);     printf("%x %x %s\n",i,j,buffer); } What is the minimum length of a string – passed to the function through the input parameter – that can crash the application?

    • A.

      9

    • B.

      10

    • C.

      11

    • D.

      12

    • E.

      13

    Correct Answer
    D. 12
    Explanation
    12 characters. Since the string is zero-terminated, it will be stored in a 13-byte array that is copied over the buffer, and the first byte of the EBP will be overwritten - causing the program to crash.

    Rate this question:

  • 2. 

    Which of the following is true with respect to buffer overflows?

    • A.

      Buffer overflows on the heap cannot be exploited to run arbitrary code.

    • B.

      If a function is vulnerable to a buffer overflow due to large user input being put in a small fixed-size buffer, making the buffer 10 times as large as a “quick fix” will reduce the impact of the vulnerability.

    • C.

      Buffer overflows can be used to alter the state and operation of the vulnerable application in an undetectable way.

    • D.

      If code cannot be executed on the stack (e.g. through the use of the non-execute bit or DEP), attackers cannot run arbitrary code by exploiting a buffer overflow.

    • E.

      Calling free() on the same memory address twice may crash the application, but will not lead to an exploitable buffer overflow.

    Correct Answer
    C. Buffer overflows can be used to alter the state and operation of the vulnerable application in an undetectable way.
    Explanation
    a]NO; heap-based buffer overflows are significantly harder to exploit, but they can still be used to run arbitrary code.
    b]NO; in most cases, the attacker can put extremely long input – several hundred kilobytes of data, or even more – in the fixed-size buffer. Increasing the buffer size will only allow the attacker to inject longer shellcode in most cases.
    c]YES; e.g. if the attacker only overwrites local variables on the stack.
    d]NO; there are several techniques to avoid DEP and similar techniques, such as return-to-libc attacks and return-oriented programming.
    e]NO; in the right circumstances, a double free can lead to a buffer overflow on the heap.

    Rate this question:

  • 3. 

    Which of the following statements (in the area of protection against typical C/C++ vulnerabilities) is true?

    • A.

      There is no reliable way to protect against format string vulnerabilities.

    • B.

      Injected shellcode can be reliably identified by intrusion detection software.

    • C.

      Proper use of secure integer libraries eliminates integer overflow vulnerabilities.

    • D.

      Using data execution prevention, address space layout randomization and stack smashing protection at the same time provides complete protection against buffer overflow exploits.

    • E.

      Using strncpy and strncat instead of strcpy and strcat guarantees error-free operation.

    Correct Answer
    C. Proper use of secure integer libraries eliminates integer overflow vulnerabilities.
    Explanation
    a] NO; format string vulnerabilities are trivially avoided by e.g. #define printf(str) printf("%s",str)
    b] NO; shellcode can be obfuscated, encrypted, or even masquerade as alphanumeric text.
    c] YES; secure integer libraries either prevent overflows altogether or throw errors when an overflow is encountered.
    d] NO; heap spraying, return-oriented programming, return-to-libc and similar techniques can be used to bypass these protections.
    e] NO; strncpy/strncat do not add a trailing zero if the 'num' parameter specifying the number of characters to copy is greater than the length of source string. This can lead to a buffer overflow later when the string is read out.

    Rate this question:

  • 4. 

    When dealing with Unicode user input in C, the following issues need to be taken into account:

    • A.

      Unicode characters may be used to bypass black-list filtering

    • B.

      In every encoding form, the size of Unicode characters may differ from each other

    • C.

      The length() of a Unicode string may be different from its size()

    • D.

      Unicode strings cannot be printed easily out on the screen

    • E.

      Directional control characters such as U+202E may be exploited

    Correct Answer(s)
    A. Unicode characters may be used to bypass black-list filtering
    B. In every encoding form, the size of Unicode characters may differ from each other
    C. The length() of a Unicode string may be different from its size()
    E. Directional control characters such as U+202E may be exploited
    Explanation
    a]YES; filtering may use a different Unicode conversation routine than the called function.
    b]YES; the character representation length varies for different characters in UTF-8 encoding form.
    c]YES; depending on the Unicode encoding being used, size may be up to 4x larger than length.
    d]NO; every function has an Unicode pair, for example you can use wprintf instead of printf.
    e]YES; if the user-provided string is concatenated with UI elements, it may be used to reverse built-in UI element text.

    Rate this question:

  • 5. 

    #define ll 12 char pwd[37], n[ll]; void s(char *u) {strncpy(n,u,ll); printf(n);} How would you fix the code above?

    • A.

      Char pwd[37], n[ll+1];

    • B.

      #define ll 13

    • C.

      Void s(char *u) {strncpy(n,u,ll-1); printf(n);}

    • D.

      Void s(char *u) {strncpy(n,u,11); printf(“%s”, n);}

    • E.

      Void s(char *u) {strncpy(n,u,ll-1); cout

    Correct Answer(s)
    D. Void s(char *u) {strncpy(n,u,11); printf(“%s”, n);}
    E. Void s(char *u) {strncpy(n,u,ll-1); cout
    Explanation
    a]NO; this fixes the off-by-one error in the strncpy, but does not fix the printf vulnerability
    b]NO; neither of the bugs is fixed in this way, just increases the string’s size by one
    c]NO; this fixes the off-by-one error in the strncpy, but does not fix the printf vulnerability
    d]YES; both the off-by-one error and the printf vulnerability are fixed, but hard-coding the number of characters to be copied may cause problems in the future
    e]YES; both the off-by-one error and the printf vulnerability are fixed

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Sep 17, 2012
    Quiz Created by
    Searchlab
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.