That is the code I have; now I want to cause a buffer overrun. The buffer overrun is caused by misuse of a password input and can be exploited by manipulating a password input.

Code:
```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define salt "AAAAA"
#define name1 "Alice"
#define pass1 "Alice123"
#define name2 "Bob"
#define pass2 "Bob12345"
#define name3 "Chris"
#define pass3 "Chris123"

void foo(const char* input)
{
    char buf[10];

    /* No arguments are supplied for the %p conversions, so printf prints
       whatever it finds where arguments would be (used here as a stack dump). */
    printf("My stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n\n");

    //Pass the user input straight to secure code public enemy #1.
    strcpy(buf, input);   /* unbounded copy into a 10-byte buffer */
    printf("%s\n", buf);

    printf("Now the stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
}

/* Never called by main in normal operation. */
int update(int money)
{
    money=money+2000;
    printf("Augh! I've been hacked!\n");
    return money;
}

int main(int argc, char *argv[])
{
    char * name;
    char * pass;
    int money1=1234;
    int money2=2533;
    int money3=4567;

    printf("Address of foo is: %p\n", foo);
    printf("Address of update is: %p\n", update);

    if(argc != 3)
    {
        printf("Usage: Your_Username Your_Password\n");
        exit(1);
    }

    name=argv[1];
    pass=argv[2];

    /* Each branch compares the credentials, then passes the password to foo(). */
    if(strcmp(name,name1) == 0 && strcmp(pass,pass1) == 0)
    {
        printf("Welcome Alisa, Your balance is: $ %i", money1);
        foo(argv[2]);
    }
    else if(strcmp(name,name2) == 0 && strcmp(pass,pass2) == 0)
    {
        printf("Welcome Bob, Your balance is: $ %i", money2);
        foo(argv[2]);
    }
    else if(strcmp(name,name3) == 0 && strcmp(pass,pass3) == 0)
    {
        printf("Welcome Chris, Your balance is: $ %i", money3);
        foo (argv[2]);
    }
    else
    {
        printf("Wrong username and password");
    }

    return 0;
}
```
Let's assume that everyone has an 8-character password. A malicious customer could enter an oversized password to invoke the update function in an attack.
Before that, a user has to enter their username and password to access the program.
StoredSalt+StoredPassword == StoredSalt+EnteredPassword.
I want to use strcat. A concatenation of a password and a salt code in arrays could cause a buffer overrun.
I have no idea how to do that. Can anyone help me? And are there any ways to prevent buffer overrun?
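One way to do the salt-plus-password comparison described above without an overrun, as an added example that is not part of the original post. It assumes the post's 8-character password limit and the salt value from the posted program; `build_salted` and `check_password` are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>

#define SALT "AAAAA"        /* same salt value as the posted program */
#define MAX_PASS 8          /* assumption from the post: 8-character passwords */
#define SALTED_SIZE (sizeof(SALT) + MAX_PASS)  /* salt + password + NUL */

/* Writes salt+password into out. Returns 0 on success, -1 if the result
   would not fit; snprintf never writes more than out_size bytes. */
int build_salted(char *out, size_t out_size, const char *password)
{
    int n = snprintf(out, out_size, "%s%s", SALT, password);
    if (n < 0 || (size_t)n >= out_size) {
        if (out_size > 0)
            out[0] = '\0';  /* leave no truncated value behind */
        return -1;
    }
    return 0;
}

/* Returns 1 when StoredSalt+StoredPassword == StoredSalt+EnteredPassword. */
int check_password(const char *stored, const char *entered)
{
    char a[SALTED_SIZE], b[SALTED_SIZE];

    if (build_salted(a, sizeof a, stored) != 0)
        return 0;
    if (build_salted(b, sizeof b, entered) != 0)
        return 0;           /* oversized input is rejected, not copied */
    return strcmp(a, b) == 0;
}

int main(int argc, char *argv[])
{
    if (argc != 2) {
        printf("Usage: %s password\n", argv[0]);
        return 1;
    }
    puts(check_password("Alice123", argv[1]) ? "match" : "no match");
    return 0;
}
```

The same rule applies to `foo` in the posted program: the copy into `buf` needs a length check against `sizeof buf` before any bytes are written.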





