Thursday, November 15, 2007

Buffer Overflow Problem (reposted)

Buffer Overflow Problem: Consider the following code:
Harry Hochheiser, hhochheiser@towson.edu 
// buffer overflow demo
#include <iostream>
using namespace std;

int main() {
    int importantData = 1;
    int buffer[10];

    cout << "importantData = " << importantData << endl;
    cout << "buffer overflow " << endl;

    // ?? is the loop bound that the exercise asks you to fill in
    for (int i = 0; i < ??; i++)
        buffer[i] = 7;
    cout << "importantData = " << importantData << endl;
    return 0;
}
  1. Type in the above program. What value should replace the ?? Compile and Run with this value.
  2. Replace the ?? with 20 this time. What happens? Why?

The following security checklist is a tool used to find potential security vulnerabilities in your programs. Read the checklist, apply it (as best you can) to the problem given above, and answer these questions:

  1. Describe the buffer overflow problem.
  2. Give three real life examples of buffer overflow attacks (research on the web, and indicate your sources).
  3. What can result from a buffer overflow?
  4. List three ways you could potentially overflow a buffer in your program.
  5. How could you prevent a buffer overflow from occurring in your program?

Some of the elements in the checklist may refer to material that we have not seen this semester. If so, please disregard them.

Please submit the program with appropriate marking (in color or alternate font) and your answers to these questions.

Security checklist

Vulnerability: Buffer Overflow

Description: A buffer overflow occurs when data is written beyond the boundaries of a fixed-length buffer, overwriting adjacent memory locations, which may include other buffers, variables and program flow data.

Risk: Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code. WARNING: over 80% of security problems result from buffer overflows!

Real World Example: The earliest known exploitation of a buffer overflow was the Morris worm in 1988. In 2001, the Code Red worm exploited a buffer overflow in Microsoft's Internet Information Services, and in 2003 the SQLSlammer worm compromised machines running Microsoft SQL Server 2000.

Task: Check your code (answer Yes / No / Unsure for each item)

  1. Check each array assignment that could result in an overflow (indices >= ARR_SIZE). EX: arr[ARR_SIZE] = 0;
  2. Check loop boundaries >= ARR_SIZE. EX: for (i = 0; i <= ARR_SIZE; i++) array[i] = x; // off-by-one!
  3. Check all indices that are input. EX: cin >> i; array[i] = x;
  4. Are all string functions within range? (Hint: do not use gets, strcpy, sprintf.)
  5. Are arrays close to pointers? (Hint: remember the return address of a function is a pointer.)

Shaded area indicates a high security risk!
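Checklist items 1 to 4 written as bounds-checked C++, as an added example that is not part of the original exercise or checklist. The helper names checked_store, fill_all and bounded_copy are hypothetical, and the 8-byte name buffer is a constructed sample.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <iostream>
#include <string>

constexpr std::size_t ARR_SIZE = 10;

// Items 1 and 3: refuse any index outside [0, ARR_SIZE), including negative
// values from untrusted input, instead of writing past the end of the array.
bool checked_store(std::array<int, ARR_SIZE>& arr, long long index, int value) {
    if (index < 0 || static_cast<unsigned long long>(index) >= arr.size())
        return false;
    arr[static_cast<std::size_t>(index)] = value;
    return true;
}

// Item 2: take the loop bound from the container itself and use '<', not '<='.
void fill_all(std::array<int, ARR_SIZE>& arr, int value) {
    for (std::size_t i = 0; i < arr.size(); i++)
        arr[i] = value;
}

// Item 4: snprintf never writes more than dst_size bytes and returns the length
// it wanted to write, so truncation can be detected and reported.
bool bounded_copy(char* dst, std::size_t dst_size, const std::string& src) {
    int needed = std::snprintf(dst, dst_size, "%s", src.c_str());
    return needed >= 0 && static_cast<std::size_t>(needed) < dst_size;
}

int main() {
    int importantData = 1;
    std::array<int, ARR_SIZE> buffer{};
    fill_all(buffer, 7);
    std::cout << "store at 9:  " << checked_store(buffer, 9, 7) << "\n";
    std::cout << "store at 10: " << checked_store(buffer, 10, 7) << "\n";
    std::cout << "store at 20: " << checked_store(buffer, 20, 7) << "\n";
    std::cout << "store at -1: " << checked_store(buffer, -1, 7) << "\n";
    char name[8];  // constructed sample destination buffer
    std::cout << "copy fits:     " << bounded_copy(name, sizeof name, "abc") << "\n";
    std::cout << "copy too long: " << bounded_copy(name, sizeof name, "0123456789") << "\n";
    std::cout << "importantData = " << importantData << "\n";
    return 0;
}
```

Rejected writes return false rather than touching memory, so importantData keeps its value no matter which index is requested.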

Monday, November 12, 2007

English for household items (updated occasionally)

被子 quilt [kwilt]
手巾架 towel holder

Sunday, November 11, 2007

Displaying Chinese characters correctly in Eclipse

Window->Preferences->General->Workspace->Text file encoding
Change Default (Cp1252) to UTF-8

Thursday, November 8, 2007

KartRider (跑跑卡丁车) Nexon: chained boost method

Up + Right
Up + Right + Shift
Left + Up
Right + Shift (quickly)
Left + Up (boost)
Right + Shift (quickly)
Left + Up (boost)

Up + Ctrl

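KartRider (跑跑卡丁车) Nexon: keyboard shortcuts

Character emotes:
CTRL+1 laugh (lol), CTRL+2 scared,
CTRL+3 cry, CTRL+4 angry >।<, CTRL+5 greet, CTRL+6 like, CTRL+7 - -!, CTRL+8 sleep

CTRL: item
R: reset key
←↑↓→/WASD: up, down, left, right
ESC: time trial
F4: screenshot
F5: ready/start
F7, F8: game music on/off
F11: windowed/full screen

Press Ctrl+E to go straight into a time trial.

Press Ctrl+R to go straight into replay.

Press Alt+F4 to close the game.

Press Shift+F4 to pass through water, bananas and other players.

Press Alt+F6 to glitch the self-destruct and pass through players, water and bananas.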

Wednesday, November 7, 2007

Game BLOXORZ passcode



Game Bloxorz (click here (CHINA) or (USA) to open or download)
The aim of the game is to get the block to fall into the square hole at the end of the stage.
I finished all the stages today. It's fine, and some of the stages really need time to try again and again.



PASSCODE:
stage 11: 291709 (*)
stage 12: 958640
stage 14: 000241
stage 16: 683596

stage 19: 119785
stage 20: 543019
stage 21: 728724
stage 22: 987319
stage 23: 293486
stage 24: 088198
stage 25: 250453
stage 26: 426329
stage 27: 660141
stage 28: 769721
stage 29: 691859
stage 30: 280351
stage 31: 138620
stage 32: 879021
stage 33: 614955

Sieve of Eratosthenes Algorithm

The Sieve of Eratosthenes is an alternative method for finding prime numbers by progressively filtering multiples of primes.


/*Sieve of Eratosthenes
1.Write a list of numbers from 2 to the largest number you want to test for primality.
Call this List A. (This is the list of squares on the left-hand-side of the picture.)
2.Write the number 2, the first prime number, in another list for primes found.
Call this List B. (This is the list on the right-hand-side of the picture.)
3.Strike off 2 and all multiples of 2 from List A.
4.The first remaining number in the list is a prime number.
Write this number into List B.
5.Strike off this number and all multiples of this number from List A.
The crossing-off of multiples can be started at the square of the number, as lower multiples have already been crossed out in previous steps.
6.Repeat steps 4 and 5 until no more numbers are left in List A.
*/
#include <iostream>
#include <iomanip>
using namespace std;
const int SIZE = 1000;
int main ()
{
    int arr[SIZE];   // arr[i] == 1 means i has not been struck off yet
    int i;
    for (i = 0; i < SIZE; i++)
    {
        arr[i] = 1;
    }

    int p = 2; // first prime number

    while (p * p < SIZE)
    {
        // strike off all multiples of p; i * p < SIZE keeps the index in bounds
        for (i = 2; i * p < SIZE; i++)
        {
            arr[p * i] = 0;
            //cout << p*i << endl;
        }

        for (i = p; i < SIZE; i++)
        { // find prime
            if (arr[i] == 1 && i > p) // find the next prime number
            {
                p = i;
                //cout << i << endl;
                break;
            }
        }
    }

    // print the remaining numbers (the primes), ten per line
    int line = 0;
    for (i = 2; i < SIZE; i++)
    {
        if (arr[i] == 1)
        {
            line++;
            cout << setw(4) << i;
            if (line % 10 == 0)
                cout << endl;
        }
    }
    cout << endl;

    return 0;
}