Examine the queue management routines below. It handles any number
of queues, and returns a pointer to the queue that is created.
The header file - queueHeader.c - and queue manager - queeManager.c -
are below.
Write a main driver, queueMain.c and exercise these functions to get a
feel for it.
Analyze the code given and explain clearly any four vulnerabilities, each
description of about 5 -6 sentences - each vulnerability has to be a
very specific problem, not something general like buffer overflow etc.
For any ONE vulnerability, describe how you may fix it - NO need to write
actual (fix) code though.
For any ONE vulnerability, write an exploit, mainExploit.c --
exploit code should be readable and well-documented, else you get 0.
/**
queueHeader.h header file
*/
/*
* the queue structure
*/
typedef struct queue {
int *que; /* the actual array of queue elements */
int head; /* head index in que of the queue */
int count; /* number of elements in queue */
int size; /* max number of elements in queue */
} QUEUE;
/*
* the library functions
*/
void queueManage(QUEUE **, int, int); /* create or delete a queue */
void addToQueue(QUEUE *, int); /* add to queue */
void removeFromQueue(QUEUE *, int *); /* remove from queue */
/**
queueManager.c source
*/
#include <stdlib.h>
#include "queueHeader.h"
/*
* create or delete a queue
*
* PARAMETERS: QUEUE **qptr space for, or pointer to, queue
* int flag 1 for create, 0 for delete
* int size max elements in queue
*/
void queueManage(QUEUE **qptr, int flag, int size)
{
if (flag){
/* allocate a new queue */
*qptr = malloc(sizeof(QUEUE));
(*qptr)->head = (*qptr)->count = 0;
(*qptr)->que = malloc(size * sizeof(int));
(*qptr)->size = size;
}
else{
/* delete the current queue */
(void) free((*qptr)->que);
(void) free(*qptr);
}
}
/*
* add an element to an existing queue
*
* PARAMETERS: QUEUE *qptr pointer for queue involved
* int n element to be appended
*/
void addToQueue(QUEUE *qptr, int n)
{
/* add new element to tail of queue */
qptr->que[(qptr->head + qptr->count) % qptr->size] = n;
qptr->count++;
}
/*
* take an element off the front of an existing queue
*
* PARAMETERS: QUEUE *qptr pointer for queue involved
* int *n storage for the return element
*/
void removeFromQueue(QUEUE *qptr, int *n)
{
/* return the element at the head of the queue */
*n = qptr->que[qptr->head++];
qptr->count--;
qptr->head %= qptr->size;
}
Name:
Anonymous2012-07-30 13:38
Now I am unsure about what vulnerabilities he is talking about... can anyone help me figure out the vulnerabilities?
Hint: There's 1 in the `add' function. and 1 in the `remove' function. Maybe more but I only glanced at it.
Also, that's fucking ugly C they wrote there, wow. Way to make an elegant language look like shit.
Name:
Anonymous2012-07-30 13:47
I am trying to do my own homework, but I'm simply lost in being able to read their shitty code.
>>5
Can you please tell me the location of the vulnerabilities? That's all I ask, afterwards I should be able to describe why are they are vulnerabilities.
>>6
Technically the entire bodies of both functions. There's some control-flow missing that SHOULD be there.
Name:
Anonymous2012-07-30 13:58
>>7
Well then I guess I can't describe why they are vulnerabilities. Can you please help me with this assignment? This is the last assignment I have for this class and I'm supposed to be graduating this saturday but if I don't get this assignment completed I don't think I will be able to graduate.
I'm not a good programmer nor have I ever been. My expertise is not in programming so that's why I am having so much trouble with this.
>>8
Imagine a scenario like this: create queue Q (size 2)
enqueue (Q, 3)
enqueue (Q, 4)
enqueue (Q, 99)
What will the value be if you were to dequeue (Q) now?
create queue Q (size n)
dequeue (Q)
What will this dequeue end up returning as a value?
>>10
With what? I'm graduating with a Computer Science degree, but my specialty is networking.
>>9
I honestly don't know. I'm not sure what happens to a queue once you enqueue a bunch of different times like that.
Name:
Anonymous2012-07-30 14:17
Well I'm leaving for work right now but any kind of hints or help would be much appreciated. I will be leaving work early to continue working on this, so thanks you guys for what you've mentioned so far.
>>11 I'm not sure what happens to a queue once you enqueue a bunch of different times like that.
That is like first year data structures right there. Not even...
I'm not trying to be rude, but if you don't understand things like a stack or a queue and you're about to graduate, then how do you think you're going to get on after you get your degree? Not very well.
They have nothing to do with programming either, it's just basic concepts. I offered some pretty telling advice there.
Name:
Anonymous2012-07-31 12:38
Lol I'm sorry that something I learned 3 years ago and haven't used since is trumping me. I"m sure you guys don't remember everything from every class you have ever taken, especially if you don't use it often..
Anyways I pulled up my notes and I see that in the addQueue function it doesn't check if the queue is already full before it does it's work, and in the deleteQueue function it doesn't check if the queue is already empty before it does ITS work. Also something a classmate brought to my attention is how "(*qptr)->que = malloc(size * sizeof(int));" can be vulnerable because there is no checking the size of int, that it can overflow the result of the int queue and the same line can error if the size is -1. That's also true within the addQueue and deleteQueue functions.
>>9 >>15
Wow man, I'm sorry. I see why you were pretty upset that I couldn't understand what you were saying. You are saying exactly what I just said, but in example terms. The first example you set to size 2 and tried to enqueue 3 times, but it only fits two so it would throw an error. And the second example you created a queue but left it empty and try to dequeue which would throw an error.
Name:
Anonymous2012-07-31 13:32
So far that is 3(?) vulnerabilities that I have been able to uncover, just wondering if possibly you guys see any others that you could hint towards for me? I'm about to leave for work again and won't be able to work on this for another 10 hours. It would also be cool if someone could help me write up the "queueMain.c" that he wants us to write to get the gist of the functions, as I am somewhat bad with syntax :|. Otherwise thanks for the help.
As for the exploit I am supposed to create; would it be as simple as to just set the size to -1, let the queue be full and try to add more to it, or let the queue be empty and try to dequeue while it's empty?
>>16 ...because there is no checking the size of int
What exactly do you mean by that? Are you actually talking about the value of sizeof(int)? Further, if size is less than zero, it possibly won't cause malloc "to error" - look at the how malloc is defined: it takes a size_t argument, which is some sort of unsigned integral type. Thus your signed multiplication involving a negative number will be treated as an unsigned value when passed to malloc, and you'll end up with some number of bytes allocated, but Sussman knows how many.
One other thing I can spot is that if que->size does happen to be zero, your modulus operations involving it will actually cause division by zero faults. But the problem is that's on the same level as passing NULL pointers into your functions and getting segfaults. So I'm not sure if that counts (ie allocating a queue with 0 size and expecting to be able to enqueue/dequeue items).
>>28
This. While my college tends to throw a lot of programming at the CS majors, my specialty is not in programming. I have been able to set up cisco routers, switches, and hubs (the real deal, not just the little linksys routers) since my 11th grade year in highschool when I went to a technical school to study. A lot of this programming stuff I have already done and got good grades, it's just been a while and it's a bit fuzzy for me. Once I get started on something and get a bit of help, the old information tends to start brewing in my head and I can figure most of it out.
>>21
Thanks man. I wasn't quite sure what my classmate was talking about when he said whatever he said about the "sizeof(int)", but I did notice what you said about it being 0 and creating divide by 0 faults. I'm sure he would count that as a vulnerability because I've taken classes with him before and this is not something he would normally leave out. He said that there are many vulnerabilities in the code so I'm sure that this is one of them.
>>22
Thank you for pointing that out; I hadn't noticed.
Name:
Anonymous2012-08-01 3:44
Can someone please help me REAL quick? I'm having trouble with some of my syntax right now creating this queueMain.c. Once I get this working I will be able to completely finish this assignment and be able to turn it in.
//creating the queue
queueManage(&ptr1, 1, 2);
printf("QUEUE of size 2 created");
// adding value to queue
addToQueue(&theQ, 5);
printf("Value 5 has been added to the QUEUE");
// adding another value to queue
addToQueue(&theQ, 3);
printf("Value 3 has been added to the QUEUE");
// Remove the front value from queue
int head = ptr1->head;
removeFromQueue(&theQ, &head);
printf("The front value has been removed from the QUEUE");
//delete the que
queueManage(&ptr1, 0, 2);
printf("QUEUE has been destroyed");
return 0;
} [/code]
Is my code, but for some reason it is giving me an "Arithmetic Exception". What have I done wrong? Right now it is supposed to run queueManage and create a queue called "theQ" with a size of 2. It's then supposed to insert two values into the queue, filling it. Then it is to remove the head value and then run queueManage again to destroy the queue, but for some reason I can't seem to figure out where it is going wrong.
Name:
Anonymous2012-08-01 3:45
Can someone please help me REAL quick? I'm having trouble with some of my syntax right now creating this queueMain.c. Once I get this working I will be able to completely finish this assignment and be able to turn it in.
//creating the queue
queueManage(&ptr1, 1, 2);
printf("QUEUE of size 2 created");
// adding value to queue
addToQueue(&theQ, 5);
printf("Value 5 has been added to the QUEUE");
// adding another value to queue
addToQueue(&theQ, 3);
printf("Value 3 has been added to the QUEUE");
// Remove the front value from queue
int head = ptr1->head;
removeFromQueue(&theQ, &head);
printf("The front value has been removed from the QUEUE");
//delete the que
queueManage(&ptr1, 0, 2);
printf("QUEUE has been destroyed");
return 0;
}
Is my code, but for some reason it is giving me an "Arithmetic Exception". What have I done wrong? Right now it is supposed to run queueManage and create a queue called "theQ" with a size of 2. It's then supposed to insert two values into the queue, filling it. Then it is to remove the head value and then run queueManage again to destroy the queue, but for some reason I can't seem to figure out where it is going wrong.
Name:
Anonymous2012-08-01 3:46
Can someone please help me REAL quick? I'm having trouble with some of my syntax right now creating this queueMain.c. Once I get this working I will be able to completely finish this assignment and be able to turn it in.
//creating the queue
queueManage(&ptr1, 1, 2);
printf("QUEUE of size 2 created");
// adding value to queue
addToQueue(&theQ, 5);
printf("Value 5 has been added to the QUEUE");
// adding another value to queue
addToQueue(&theQ, 3);
printf("Value 3 has been added to the QUEUE");
// Remove the front value from queue
int head = ptr1->head;
removeFromQueue(&theQ, &head);
printf("The front value has been removed from the QUEUE");
//delete the que
queueManage(&ptr1, 0, 2);
printf("QUEUE has been destroyed");
return 0;
}
Is my code, but for some reason it is giving me an "Arithmetic Exception". What have I done wrong? Right now it is supposed to run queueManage and create a queue called "theQ" with a size of 2. It's then supposed to insert two values into the queue, filling it. Then it is to remove the head value and then run queueManage again to destroy the queue, but for some reason I can't seem to figure out where it is going wrong.
Name:
Anonymous2012-08-01 3:48
Can someone please help me REAL quick? I'm having trouble with some of my syntax right now creating this queueMain.c. Once I get this working I will be able to completely finish this assignment and be able to turn it in.
//creating the queue
queueManage(&ptr1, 1, 2);
printf("QUEUE of size 2 created");
// adding value to queue
addToQueue(&theQ, 5);
printf("Value 5 has been added to the QUEUE");
// adding another value to queue
addToQueue(&theQ, 3);
printf("Value 3 has been added to the QUEUE");
// Remove the front value from queue
int head = ptr1->head;
removeFromQueue(&theQ, &head);
printf("The front value has been removed from the QUEUE");
//delete the que
queueManage(&ptr1, 0, 2);
printf("QUEUE has been destroyed");
return 0;
}
Is my code, but for some reason it is giving me an "Arithmetic Exception". What have I done wrong? Right now it is supposed to run queueManage and create a queue called "theQ" with a size of 2. It's then supposed to insert two values into the queue, filling it. Then it is to remove the head value and then run queueManage again to destroy the queue, but for some reason I can't seem to figure out where it is going wrong.
Name:
Anonymous2012-08-01 3:53
shit sorry for the quad post, i didn't mean to do that, my computer must have freaked out for a moment.
sorry guys.
Name:
Anonymous2012-08-01 5:22
Figured it out. Got it working properly. Thanks for the all the... help. From some of you guys anyways.
>>32
You're stack allocating a QUEUE and then malloc'ing space for a new one and setting ptr1 to it. Your theQ is NOT "the queue", in fact. queueManage() malloc's a queue, then mallocs the space for the ints in it. The pointer to the QUEUE itself is save into ptr1.
Name:
Anonymous2012-08-01 5:48
>>37
Yeah I figured this out a few moments ago. >>36 Thus the code works properly now and I have now created the code that will break the program; and now my assignment is complete!
I appreciate the help though! :)
Name:
Anonymous2012-08-01 10:16
BEST troll THREAD EVER! or epic samefaggotry to create an impression of a helpful/prague/