(See the attached documents for the complete details) Description: In this lab,

(See the attached documents for the complete details)
Description: In this lab, you are given a program with a potential buffer-overflow vulnerability and tasked with
analyzing, identifying and correcting the vulnerability. A crude description of the occurrence of a
buffer overflow is when too much data is either accidentally or maliciously attempted to be stored
in an object, causing adverse effects to the program. In this context, “too much data” is relative
to the size and capacity of the “object storing the data”. The “object storing the data” can be
anything, ranging from a data structure (e.g. array) in modern programming languages to lower
level structures like registers when programming in assembly. When this happens, there is an
adverse affect that may manifest as a program crash or as a transition of the program to a state
that offers an adversary an exploitable vulnerability.
3.2 Tasks
1. Select ONE of the provided code segments. 2. Compile2 and run the code.
Questions
Program Analysis:
(a) (5 pts) Describe the expected behavior of the program by reading the code.
(b) (5 pts) Describe the input you used to cause a buffer overflow when you ran the code.
(c) (5 pts) How did the buffer overflow manifest? Provide the exact error you received as
evidence.
(20 pts) Identify and describe the buffer overflow problem in the code.
(20 pts) Describe how you would prevent the buffer overflow from occurring in the code.
(40 pts) Correct the program to eliminate the buffer overflow problem from occurring. In the
provided code, make sure you add comments to indicate what is being changed.
(5 pts) Describe the behavior of the corrected program.