Description
1. (10 pts) Is the following function vulnerable to the buffer overflow? If yes, explain how by
drawing the stack frame and explaining what could happen. If no, explain why not.
2. (10 pts) Identify the security vulnerability in this code. Explain.
3. (10 pts) For the following code, assume an attacker can control the value of shoplist passed
into eval_list. The value of n is constrained to correctly reflect the number of elements in
shoplist. The code includes several security vulnerabilities. Show at least two such
vulnerabilities in the code and explain each one.
Reminders:
• snprintf(buf, len, fmt, . . . ) works like printf, but instead writes to buf, and won’t write
more than len – 1 characters. A terminating null character is automatically appended after
the content written.
• system runs the shell command given by its first argument.
