CYB2200 - L3

C Style Strings

| Question | Answer |
| --- | --- |
| Why C? | Many common vulnerabilities; much legacy code still running; many existing systems and software were written in C/CPP; C/CPP is still widely used |
| When was C developed? | 1970 |
| Why is C being developed in 1970 a big deal? | Security was not a big concern |
| Describe why learning C vulnerabilities is valuable | Some of the vulnerabilities do not exist in other programming languages, but they are still good to understand |
| Describe what C style strings are | They are a fundamental concept, but they are not a built-in data type in C |
| Describe C style strings | A character array terminated by a NUL character (ASCII 0x00) |
| What are the two problems with using C strings? | The length of the string versus the size of the character array; the NUL terminator |
| How is the length of the string and the size of the character array a problem? | The string size is larger than the character array size, leading to a buffer overflow |
| How is the NUL terminator a problem? | The NUL character marks the end of a string. If a string is missing its NUL terminator, functions continue reading characters |
| What is NUL? | The null character (null terminator). It is a character with ASCII value 0 (`'\0'`) that marks the end of a C string |
| What is NULL? | Indicates that a pointer doesn't point to any valid memory location. `int *ptr = NULL;` |
| What are C string handling vulnerabilities? | Unsafe use of a handful of functions (unbounded string functions), bounded string functions |
| Describe what makes unbounded string functions unsafe | The destination buffer's size isn't taken into account at all; a buffer overflow occurs when the source data's length exceeds the destination buffer's size |
| What are bounded string functions? | Safer alternatives to the unbounded string functions; they take a length parameter to designate the length (or bounds) of the destination buffer; may be misused in more subtle ways |
| `printf("hello world!\n");` | |
| `printf ("a has value %d\n", a);` | |
| `printf ("a has value %d, b has value %d\n", a, b);` | |
| `printf ("a has value %d, b has value %d, c is at address: %x\n", a, b, &c);` | |
| printf function | `int printf(const char *format, ...)` where the `...` indicates that zero or more optional arguments can be provided when the function is invoked |
| format string | This is the string that contains the text to be written to stdout. It can optionally contain embedded format tags that are replaced by the values specified in subsequent additional arguments and formatted as requested. |
| The printf function uses its first argument to determine how many arguments will follow and of what types they are. | |
| %d | decimal (`int`), passed as value |
| %u | unsigned decimal (`unsigned int`), passed as value |
| %x | hexadecimal (`unsigned int`) |
| %s | string (`(const) (unsigned) char *`), passed as reference |
| %n | number of bytes written so far (`int *`), passed as reference |
| `printf ("The new string is %s \n", str);` | |
| unbounded string functions | `scanf()`, `sprintf()`, `strcpy()`, `strcat()` |
| scanf() | Reading in data from standard input |
| scanf() function | `int scanf(const char *format, ...);` |
| scanf() purpose | Parses input according to the format specified in the format argument |
| sprintf() function | `int sprintf(char *str, const char *format, ...);` |
| sprintf() purpose | Prints a formatted string to a destination buffer |
| strcpy() function | `char *strcpy(char *dst, char *src)` |
| strcpy() purpose | Copies the string located at src to the destination dst. It ceases copying when it encounters an end-of-string character (a NUL byte) |
| What does strcpy do? | Copies the string pointed to by src (including the terminating null character) into the array pointed to by dst |
| strcat() function | `char *strcat(char *dst, char *src)` |
| strcat() purpose | Concatenates two strings together. The src string is appended to dst (the terminating character at the end of dest is replaced by the first character of src) |
| What is important to remember about strcat()? | The terminating character at the end of dest is replaced by the first character of src |
Created by: user-1830624