Which of the following controls must be in place to prevent this vulnerability?

A security analyst found an old version of OpenSSH running on a DMZ server and determined the following piece of code could have led to a command execution through an integer overflow;

Which of the following controls must be in place to prevent this vulnerability?
A . Convert all integer numbers in strings to handle the memory buffer correctly.
B . Implement float numbers instead of integers to prevent integer overflows.
C . Use built-in functions from libraries to check and handle long numbers properly.
D . Sanitize user inputs, avoiding small numbers that cannot be handled in the memory.

View Answer

Answer: C

Explanation:

The security analyst should implement a control that uses built-in functions from libraries to check and handle long numbers properly. This will help prevent integer overflow vulnerabilities, which occur when a value is moved into a variable type too small to hold it. For example, if an integer variable can only store values up to 255, and a value of 256 is assigned to it, the variable will overflow and wrap around to 0. This can cause unexpected program behavior or lead to buffer overflow vulnerabilities if the overflowed value is used as an index or size for memory allocation1. Built-in functions from libraries can help avoid integer overflow by performing checks on the input values and the resulting values, and throwing exceptions or errors if they exceed the limits of the variable type2.