Lab 11
11/18 @ 11:59 PM
Not accepted late
Note: this is lab 11, even though we're in week 12. The difference is because of the week(s) where no lab was held.
The Lab Assignment

This lab will involve understanding one of the most classic vulnerabilities in binary executables, the buffer overflow, which is largely enabled by the memory layout scheme that we've studied. For the assignment, answer the following items:

  1. Provide a snippet of C code that is vulnerable to a buffer overflow.
  2. Why are buffer overflows allowed to occur?
  3. Describe a static protection mechanism against buffer overflows for C (i.e. a defense against buffer overflows that issues error messages at compile time)
  4. Describe a dynamic protection mechanism against buffer overflows for C (i.e. a defense against buffer overflows that issues error messages at run time)
  5. Use the AddressSanitizer mechanism of g++ to harden your example code from above. Show the output of your hardened program when an overflow is executed.

Submission Instructions

Create a tarball consisting of a single directory with all of your work in it, such as code or written answers. If you have any auxiliary files (READMEs, Makefiles, etc.), be sure to include those as well. Name your work directory l11 and name the tarball l11.tgz. Upload your tarball to the L11 Canvas assignment.

Labs will be graded under one of following criteria:

  1. Effort: You will automatically be given full credit for the labwork if the GTA determines that your participation in the lab was meaningful - i.e. you attended the lab session and used the time to make a good-faith attempt to complete the work. It is the sole discretion of the GTA to determine if you put in sufficient effort. Even if you expect an effort-based grade, you should turn in your (possibly incomplete) work.
  2. Correctness: If you do not participant meaningfully in lab (i.e. you do not attend the lab session), your grade will be assessed based on the correctness of your lab submission.

Advice: How to Approach Labs

The two-criteria grading scheme above is designed to avoid wasting your time. You should not feel obligated to attend the lab, and in fact should only do so if you want help from the GTA on the labwork assignment or whatever project is currently in progress. Here's a handy flowchart for how I suggest you approach lab: