Bufferoverflow in c

This is a discussion on Bufferoverflow in c within the C Programming forums, part of the General Programming Boards category; hi dis is dileep, iam new to this topic. but i has to learn the things for my academic project. ...

  1. #1
    Registered User
    Join Date
    Dec 2009
    Posts
    1

    Bufferoverflow in c

    hi dis is dileep,

    iam new to this topic. but i has to learn the things for my academic project. Please anybody give me the sompe sample programs for bufferoverflow in c language.

  2. #2
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    21,648
    What do you understand by "buffer overflow"? You should be able to construct a very simple example yourself given that understanding.
    C + C++ Compiler: MinGW port of GCC
    Version Control System: Bazaar

    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  3. #3
    Registered User
    Join Date
    Sep 2006
    Posts
    8,868
    gets() would be a great candidate for a good buffer overflow example.

    I don't have such an example, but you should be able to find several with a bit of googling.

  4. #4
    Learning C. JOZZY& Wakko's Avatar
    Join Date
    Nov 2009
    Posts
    59
    While C's simplicity increases the programmer's control and the efficiency of the resulting programs, it can also result in programs that are vulnerable to buffer overflows and memory leaks if the programmer isn't careful. This means that once a variable is allocated memory, there are no built-in safeguards to ensure that the contents of a variable fit into the allocated memory space. If a programmer wants to put ten bytes of data into a buffer that had only been allocated eight bytes of space, that type of action is allowed, even though it will most likely cause the program to crash. This is known as a buffer overrun or buffer overflow, since the extra two bytes of data will overflow and spill out of the allocated memory, overwriting whatever happens to come next. If a critical piece of data is overwritten, the program will crash. The overflow_example.c code offers an example.
    Code:
    #include <stdio.h>
    #include <string.h>
    
    int main(int argc, char *argv[]) {
       int value = 5;
       char buffer_one[8], buffer_two[8];
       
       strcpy(buffer_one, "one"); /* Put "one" into buffer_one. */
       strcpy(buffer_two, "two"); /* Put "two" into buffer_two. */
       
       printf("[BEFORE] buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
       printf("[BEFORE] buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);
       printf("[BEFORE] value is at %p and is %d (0x%08x)\n", &value, value, value);
       
       printf("\n[STRCPY] copying %d bytes into buffer_two\n\n",  strlen(argv[1]));
       strcpy(buffer_two, argv[1]); /* Copy first argument into buffer_two. */
       
       printf("[AFTER] buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
       printf("[AFTER] buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);
       printf("[AFTER] value is at %p and is %d (0x%08x)\n", &value, value, value); 
    }
    Source: Hacking: The Art of Exploitation - Wikipedia, the free encyclopedia

  5. #5
    Registered User
    Join Date
    Oct 2008
    Posts
    1,262
    I've always been a fan of the following brain-dead example:

    Code:
    #include <stdio.h>
    
    int main()
    {
      int *a[1];
      int i;
    
      printf("Main\n");
    
      for(i = 0; i < 10; i++)
        a[i] = main;
    }

  6. #6
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,548
    You think that should compile? It shouldn't.
    A better example should be:
    Code:
    int main()
    {
        int a[1];
    
        for (int i = 0; i < 10; i++)
            a[i] = 0;
    }
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  7. #7
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,239
    Quote Originally Posted by Elysia View Post
    You think that should compile? It shouldn't.
    A better example should be:
    Code:
    int main()
    {
        int a[1];
    
        for (int i = 0; i < 10; i++)
            a[i] = 0;
    }
    Your example removes all the coolness. The reason for using main as the value is so that the stack return address gets overwritten with the address of main, causing an infinite loop when the function tries to return. Yes, it might not compile as-is, but it would with an appropriate cast.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  8. #8
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,548
    I'm fine with the example if it would compile.
    So if we would use a real function pointer, that would be cool.
    Code:
    typedef int (main_ptr)();
    int main()
    {
        main_ptr* ptr[1];
        for (int i = 0; i < 10; i++)
            ptr[i] = &main;
    }
    And let's not rely on old coding styles...
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  9. #9
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,239
    Quote Originally Posted by Elysia View Post
    I'm fine with the example if it would compile.
    So if we would use a real function pointer, that would be cool.
    Well, I just tried it myself and it doesn't work anyway with gcc 4.1.2 at least. I think what is happening is that the store for the 'i' variable is allocated above the memory for the 'a' array, and the loop overwrites i itself with the address of main() and prematurely terminates. I tried declaring i as register, and then it just started crashing.

    Would be a cool demo if it did work, and I'm sure it does, on some compilers.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  10. #10
    Registered User jeffcobb's Avatar
    Join Date
    Dec 2009
    Location
    Henderson, NV
    Posts
    875
    Speaking of overflows....question for the Windows gurus out there.... back in the WinXP/Win2K era there was a way of blue-screening a Windows box with a printf() that went something like:
    Code:
    for(int x = 0; x < 5; x++)
         printf("\t\t\b\b\b");
    Did anyone ever figure out why that happened? Just curious...
    C/C++ Environment: GNU CC/Emacs
    Make system: CMake
    Debuggers: Valgrind/GDB

  11. #11
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,548
    Quote Originally Posted by brewbuck View Post
    Well, I just tried it myself and it doesn't work anyway with gcc 4.1.2 at least. I think what is happening is that the store for the 'i' variable is allocated above the memory for the 'a' array, and the loop overwrites i itself with the address of main() and prematurely terminates. I tried declaring i as register, and then it just started crashing.

    Would be a cool demo if it did work, and I'm sure it does, on some compilers.
    We can always try
    /boots up Visual Studio.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  12. #12
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by jeffcobb View Post
    Speaking of overflows....question for the Windows gurus out there.... back in the WinXP/Win2K era there was a way of blue-screening a Windows box with a printf() that went something like:
    Code:
    for(int x = 0; x < 5; x++)
         printf("\t\t\b\b\b");
    Did anyone ever figure out why that happened? Just curious...
    This was a special cheat included by the developers, so if there was a bug that could not be traced, we just leave a "Blue screen of death" event so that most users will be unable to figure out what to blame. Unfortunately, the cheat was a little too simple -- kind of like pressing ctrl-space twice to reload all your weapons.

    Just kidding.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  13. #13
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,548
    I got it working:
    Code:
    #include <stdlib.h>
    
    typedef int (main_ptr)();
    int main()
    {
    	main_ptr* ptr[1];
    	printf("Main!\n");
    	for (int i = 0; i < 3; i++)
    		ptr[i] = &main;
    
    	__asm sub ebp, 4;
    }
    This recurs endlessly on Visual Studio.
    Last edited by Elysia; 12-18-2009 at 03:15 PM.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  14. #14
    Registered User whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    7,667
    Quote Originally Posted by Elysia View Post
    And let's not rely on old coding styles...
    What are you talking about?

  15. #15
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,548
    Taking the address of a function without the &.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

Page 1 of 2 12 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. C bufferoverflow question. can anyone solve it?
    By asdfgh in forum Linux Programming
    Replies: 2
    Last Post: 11-03-2009, 12:40 PM
  2. Constructive criticism, suggestions etc
    By BobS0327 in forum C Programming
    Replies: 3
    Last Post: 01-08-2006, 08:35 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21