Computer Hacking Forensic Investigator (CHFI v10) — Question 590

Kyle is performing the final testing of an application he developed for the accounting department.
His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?
    #include <stdio.h>
    #include <string.h>

    int main(int argc, char *argv[])
    {
        char buffer[10];

        if (argc < 2) {
            fprintf(stderr, "USAGE: %s string\n", argv[0]);
            return 1;
        }
        strcpy(buffer, argv[1]);
        return 0;
    }

Answer options

Correct answer: A

Explanation

The correct answer is A, Buffer overflow, because the code uses strcpy to copy user input into a fixed-size buffer without checking the length, which can lead to an overflow. The other options, such as SQL injection and format string bug, do not apply here as they involve different vulnerabilities not demonstrated by the provided code.