说理由。(3分)
【问题4】防范缓冲区溢出策略有哪些?【4分】
正确答案及解析
正确答案
解析
【问题3答案】
可以(3分)
strcpy(buffer,password)能够让
buffer
数组越界,而越界的
buffer[8~
11
]
将值写入相邻的变量
authenticated
中。如果溢出数据恰好把
authenticated
改为0,则系统密码验证流程被跳过,无需输入正确的密码“1234567”。(3分)
【问题4】答案(4分)
防范缓冲溢出的策略有:
l 系统管理防范策略:关闭不必要特权程序、及时打好系统补丁。
l 软件开发的防范策略:正确编写代码、缓冲区不可执行、改写C语言函数库、程序指针完整性检查等。
包含此试题的试卷
你可能感兴趣的试题
( )is that it provides guidance and direction on how quality will be managed and verified throughout the project.
-
- A.Plan Quality Management
- B.Manage Quality
- C.Control Quality
- D.Project Charter
- 查看答案
( )the process of determining,documenting,and managing stakeholder needs and requirements to meet Project objectives.
-
- A.Plan Scope Management
- B.Collection Requirements
- C.Validate Scope
- D.Control Scope
- 查看答案
The information security management system preserves the confidentiality,integrity and availability of information by applying a( ).
-
- A.technology management process
- B.resource management process
- C.quality management process
- D.risk management process
- 查看答案
( )is a decentralized database,ensure that the data will not be tampered with and forged.
-
- A.Artificial intelligence
- B.Blockchain
- C.Sensing technology
- D.Big datA
- 查看答案
( )puts computer resources on the web,and must meet the requirements of super capacity,super concurrency,super speed and super security.
-
- A.Cloud computing
- B.Big datA
- C.Blockchain
- D.Internet of things
- 查看答案