Identify a bu er over ow vulnerability in the source of the login program in assignment.c. Show two possible inputs that can be used to bypass password authentication, i.e., that can allow the adversa

Identify a buffer overflow vulnerability in the source of the login program in assignment.c.

Show two possible inputs that can be used to bypass password authentication, i.e., that

can allow the adversary to login without knowing the victim’s password.

This is the code:

#include

#include

#define BUFLEN 16

char enteredusername[BUFLEN];

char enteredpassword[BUFLEN];

char username[BUFLEN];

char password[BUFLEN];

void init()

{

// Set all buffers to 0

memset(username, 0, BUFLEN);

memset(password, 0, BUFLEN);

memset(enteredusername, 0, BUFLEN);

memset(enteredpassword, 0, BUFLEN);

// Set username and password for one user

strcpy(username, “bob”);

strcpy(password, “bef9b9b9”);

}

int main()

{

init();

printf(“Enter username: n”);

gets(enteredusername);

printf(“Enter password for user %s: n”, enteredusername);

gets(enteredpassword);

if (!memcmp(password, enteredpassword, BUFLEN) && !memcmp(username, enteredusername, BUFLEN))

{

printf(“Access granted. Welcome %sn”, enteredusername); // now the user is logged in

return 0;

}

else

{

printf(“Access denied. Invalid username or passwordn”); // the user authentication attempt is rejected

return -1;

}

}