Assignment 4, due Feb 16
Part of the homework for 22C:169, Spring 2007
Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday). Unless there is what insurance companies call "an act of God" (something outside your control), the only exceptions to this rule will be by advance arrangement.
    #!/bin/tcsh
    # fib arg
    #   outputs the arg'th fibonacci number
    if ($argv <= 1) then
        echo $argv
    else
        @ m1 = $argv - 1
        @ m2 = $argv - 2
        @ return = `fib $m1` + `fib $m2`
        echo $return
    endif
a) What output does this produce for the inputs fib 0 through fib 8? (1/2 point)
b) Give equivalent C, C++, C# or Java code, writing it as a function that takes an integer argument and returns an integer result. Hint: In all of these languages, the code is smaller than the original shell script! (1/2 point)
c) Explain the potential for injection vulnerability in this code; what stupid thing did the programmer do? (1 point)
d) Give a command line for a call to the above fib script that will, as a side effect, run the cat fib command to list the file to standard output. (1 point)
e) Propose code to add to the fib routine that prevents its use with the incorrect number of parameters. This is one way to eliminate the injection vulnerability in this code. (1 point)
f) In fact, this code does include an injection vulnerability. Can you find a call to this code that will inject the command ls -l fib? (From there, it is not a long shot to rm -f fib.) (1 point)