Generate lottery numbers
The following program takes a password as input but always refuses to generate lottery numbers:
#include <iostream> using namespace std; char goodPassword() { int good = ‘N’; char Password[10]; // Memory storage for the password cin>>Password; // Get input from keyboard return (char)good; } int main() { cout<<“Enter your password:”<<endl; if (goodPassword() == ‘Y’) { cout << “The lottery numbers are: “; for (int i = 0; i < 5; i++) cout << rand()%50 << ” “;; } else { printf(“No numbers for you today.\n”); } return 0; }
Luckily, the program is vulnerable to a buffer overrun in the good Password() procedure. The goal is to take advantage of the vulnerability so that it can generate lucky numbers for us.
- a) Draw a diagram showing how the stack is arranged when this program runs. 10 pts
- b) Figure out a password that can make the program output a lucky number. Hint: no need to overwrite the return address; there is an easier target to overwrite in this program. Explain how your password works.5 pts
- c) Rewrite the program so that it no longer has a buffer vulnerability.