Name: Anonymous 2012-07-30 13:36
Examine the queue management routines below. It handles any number
of queues, and returns a pointer to the queue that is created.
The header file - queueHeader.c - and queue manager - queeManager.c -
are below.
Write a main driver, queueMain.c and exercise these functions to get a
feel for it.
Analyze the code given and explain clearly any four vulnerabilities, each
description of about 5 -6 sentences - each vulnerability has to be a
very specific problem, not something general like buffer overflow etc.
For any ONE vulnerability, describe how you may fix it - NO need to write
actual (fix) code though.
For any ONE vulnerability, write an exploit, mainExploit.c --
exploit code should be readable and well-documented, else you get 0.
/**
queueHeader.h header file
*/
/*
* the queue structure
*/
typedef struct queue {
int *que; /* the actual array of queue elements */
int head; /* head index in que of the queue */
int count; /* number of elements in queue */
int size; /* max number of elements in queue */
} QUEUE;
/*
* the library functions
*/
void queueManage(QUEUE **, int, int); /* create or delete a queue */
void addToQueue(QUEUE *, int); /* add to queue */
void removeFromQueue(QUEUE *, int *); /* remove from queue */
/**
queueManager.c source
*/
#include <stdlib.h>
#include "queueHeader.h"
/*
* create or delete a queue
*
* PARAMETERS: QUEUE **qptr space for, or pointer to, queue
* int flag 1 for create, 0 for delete
* int size max elements in queue
*/
void queueManage(QUEUE **qptr, int flag, int size)
{
if (flag){
/* allocate a new queue */
*qptr = malloc(sizeof(QUEUE));
(*qptr)->head = (*qptr)->count = 0;
(*qptr)->que = malloc(size * sizeof(int));
(*qptr)->size = size;
}
else{
/* delete the current queue */
(void) free((*qptr)->que);
(void) free(*qptr);
}
}
/*
* add an element to an existing queue
*
* PARAMETERS: QUEUE *qptr pointer for queue involved
* int n element to be appended
*/
void addToQueue(QUEUE *qptr, int n)
{
/* add new element to tail of queue */
qptr->que[(qptr->head + qptr->count) % qptr->size] = n;
qptr->count++;
}
/*
* take an element off the front of an existing queue
*
* PARAMETERS: QUEUE *qptr pointer for queue involved
* int *n storage for the return element
*/
void removeFromQueue(QUEUE *qptr, int *n)
{
/* return the element at the head of the queue */
*n = qptr->que[qptr->head++];
qptr->count--;
qptr->head %= qptr->size;
}
of queues, and returns a pointer to the queue that is created.
The header file - queueHeader.c - and queue manager - queeManager.c -
are below.
Write a main driver, queueMain.c and exercise these functions to get a
feel for it.
Analyze the code given and explain clearly any four vulnerabilities, each
description of about 5 -6 sentences - each vulnerability has to be a
very specific problem, not something general like buffer overflow etc.
For any ONE vulnerability, describe how you may fix it - NO need to write
actual (fix) code though.
For any ONE vulnerability, write an exploit, mainExploit.c --
exploit code should be readable and well-documented, else you get 0.
/**
queueHeader.h header file
*/
/*
* the queue structure
*/
typedef struct queue {
int *que; /* the actual array of queue elements */
int head; /* head index in que of the queue */
int count; /* number of elements in queue */
int size; /* max number of elements in queue */
} QUEUE;
/*
* the library functions
*/
void queueManage(QUEUE **, int, int); /* create or delete a queue */
void addToQueue(QUEUE *, int); /* add to queue */
void removeFromQueue(QUEUE *, int *); /* remove from queue */
/**
queueManager.c source
*/
#include <stdlib.h>
#include "queueHeader.h"
/*
* create or delete a queue
*
* PARAMETERS: QUEUE **qptr space for, or pointer to, queue
* int flag 1 for create, 0 for delete
* int size max elements in queue
*/
void queueManage(QUEUE **qptr, int flag, int size)
{
if (flag){
/* allocate a new queue */
*qptr = malloc(sizeof(QUEUE));
(*qptr)->head = (*qptr)->count = 0;
(*qptr)->que = malloc(size * sizeof(int));
(*qptr)->size = size;
}
else{
/* delete the current queue */
(void) free((*qptr)->que);
(void) free(*qptr);
}
}
/*
* add an element to an existing queue
*
* PARAMETERS: QUEUE *qptr pointer for queue involved
* int n element to be appended
*/
void addToQueue(QUEUE *qptr, int n)
{
/* add new element to tail of queue */
qptr->que[(qptr->head + qptr->count) % qptr->size] = n;
qptr->count++;
}
/*
* take an element off the front of an existing queue
*
* PARAMETERS: QUEUE *qptr pointer for queue involved
* int *n storage for the return element
*/
void removeFromQueue(QUEUE *qptr, int *n)
{
/* return the element at the head of the queue */
*n = qptr->que[qptr->head++];
qptr->count--;
qptr->head %= qptr->size;
}