






























An overview of software security, focusing on the importance of preventing unintended software behavior and the risks of hidden trojans in compilers and operating systems. It also covers common security defects, such as buffer overflows and integer overflows, and the dangers of untrusted input. The document concludes with a discussion of format string vulnerabilities and SQL injection.
Typology: Assignments































Bill Pugh
    int main(int argc, char *argv[]) {
        int value;
        char buf1[80];
        …
    }

Stack frame: argv, argc, return address, frame pointer, buf, value

    char buf[20];
    char * prefix = "http://";
    strcpy(buf, prefix);
    /* bound is the size of the whole buffer, not the space left after the prefix */
    strncat(buf, path, sizeof(buf));
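
    char buf[20];
    char * prefix = "http://";
    strcpy(buf, prefix);
    /* strncat writes a terminating NUL after the n characters it appends,
       so this bound is still one byte too large */
    strncat(buf, path, sizeof(buf) - strlen(buf));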
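
    #include <string.h>

    #define MAX_BUF 256

    void doStuff(char * in) {
        short len;              /* strlen returns size_t; the value is narrowed here */
        char buf[MAX_BUF];
        len = strlen(in);       /* a long input can become a negative short */
        if (len > MAX_BUF) return;
        strcpy(buf, in);
        /* ... do stuff with buf ... */
    }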
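
The length checks from the two snippets above, rewritten so they fail closed. This is an added example, not code from the slides; `old_check_accepts`, `copy_checked` and `build_url` are hypothetical names, and the inputs in `main` are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_BUF 256

/* The original doStuff check, isolated: strlen's size_t result is narrowed
   to short before the comparison. Returns 1 if the copy would proceed. */
int old_check_accepts(size_t n)
{
    short len = (short)n;   /* implementation-defined; wraps on common ABIs */
    return !(len > MAX_BUF);
}

/* Hardened check: keep the length in size_t and leave room for the NUL. */
int copy_checked(char *buf, size_t buf_size, const char *in)
{
    size_t len = strlen(in);
    if (len >= buf_size)
        return -1;
    memcpy(buf, in, len + 1);          /* len + 1 copies the terminator */
    return 0;
}

/* Hardened prefix + path: fail instead of truncating or overflowing. */
int build_url(char *dst, size_t dst_size, const char *path)
{
    static const char prefix[] = "http://";
    size_t plen = sizeof(prefix) - 1;
    size_t pathlen = strlen(path);

    /* Subtract on the trusted side so the comparison cannot wrap. */
    if (dst_size <= plen || pathlen > dst_size - plen - 1)
        return -1;
    memcpy(dst, prefix, plen);
    memcpy(dst + plen, path, pathlen + 1);
    return 0;
}

int main(void)
{
    char url[20];
    /* Constructed inputs: 12 characters fit in url[20], 13 do not. */
    printf("12-char path: %d\n", build_url(url, sizeof url, "abcdefghijkl"));
    printf("13-char path: %d\n", build_url(url, sizeof url, "abcdefghijklm"));
    printf("old check, len 40000: %d\n", old_check_accepts(40000));
    printf("old check, len 256:   %d\n", old_check_accepts(256));
    return 0;
}
```

With a 16-bit `short`, the old check lets both a 40000-byte and a 256-byte input through to `strcpy`; the hardened versions reject both cases.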