C bufferoverflow question. can anyone solve it?

asdfgh · 11-03-2009, 04:06 AM

Consider the following C program:

Code:

void func(char * str)
{
char buff[16];
strcpy(buff,str);
}
void main(int argc, char * argv[])
{
int check = 1;
func(argv);
if(check == 1)
{
printf(“check should be 1 (%d)\n”,check);
} else
{
Printf(“check should not be 1 (%d)\n”,check);
}
}

Q1. Mount buffer overflow attack on the given program and corrupt the variable “check” with the value 25.

After the buffer overflow attack the output of the program should be the following:

check should not be 1 (25)

Q2. Mount buffer overflow attack on the given program and bypass the “if” condition.

After the buffer overflow attack the output of the program should be the following:
check should not be 1 (1)

Q3. Increase the size of the buffer “buff” to as much as you want. Mount a buffer overflow attack and make the program execute a shell (“/bin/bash”).

Sebastiani · 11-03-2009, 04:42 AM

Hint: why wouldn't this be vulnerable to a buffer overflow?

Code:

#include<stdio.h>
#include<stdlib.h>
#include<string.h>

#define CONSTANT 2

int main( int argc, char** argv )
{
	int unused = CONSTANT;
	char buffer[ CONSTANT ];
	if( argc != 2 )
	{
		printf( "Overflow This!\n" );
		printf( "Usage: %s <text>\n", *argv );
		return EXIT_FAILURE;
	}
	strncpy( buffer, argv[ 1 ], sizeof( buffer ) );
	buffer[ sizeof( buffer ) - 1 ] = 0; 
	printf( "Unused = %d, Buffer: '%s'\n", unused, buffer );	
	return EXIT_SUCCESS;
}

If you can answer that, then you can answer the original questions, I think.

MisterIO · 11-03-2009, 01:40 PM

Quote:

Originally Posted by asdfgh

Consider the following C program:

Code:

void func(char * str)
{
char buff[16];
strcpy(buff,str);
}
void main(int argc, char * argv[])
{
int check = 1;
func(argv);
if(check == 1)
{
printf(“check should be 1 (%d)\n”,check);
} else
{
Printf(“check should not be 1 (%d)\n”,check);
}
}

Q1. Mount buffer overflow attack on the given program and corrupt the variable “check” with the value 25.

After the buffer overflow attack the output of the program should be the following:

check should not be 1 (25)

Q2. Mount buffer overflow attack on the given program and bypass the “if” condition.

After the buffer overflow attack the output of the program should be the following:
check should not be 1 (1)

Q3. Increase the size of the buffer “buff” to as much as you want. Mount a buffer overflow attack and make the program execute a shell (“/bin/bash”).

Are you sure that your code isn't like this instead: func(argv[1]); ?

11-03-2009, 04:06 AM	#1
asdfgh Registered User Join Date: Nov 2009 Posts: 1	C bufferoverflow question. can anyone solve it? Consider the following C program: Code: void func(char * str) { char buff[16]; strcpy(buff,str); } void main(int argc, char * argv[]) { int check = 1; func(argv); if(check == 1) { printf(“check should be 1 (%d)\n”,check); } else { Printf(“check should not be 1 (%d)\n”,check); } } Q1. Mount buffer overflow attack on the given program and corrupt the variable “check” with the value 25. After the buffer overflow attack the output of the program should be the following: check should not be 1 (25) Q2. Mount buffer overflow attack on the given program and bypass the “if” condition. After the buffer overflow attack the output of the program should be the following: check should not be 1 (1) Q3. Increase the size of the buffer “buff” to as much as you want. Mount a buffer overflow attack and make the program execute a shell (“/bin/bash”).
asdfgh is offline

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
another do while question	kbpsu	C++ Programming	3	03-23-2009 12:14 PM
Design layer question	mdoland	C# Programming	0	10-19-2007 04:22 AM
A question on Pointers & Structs	FJ8II	C++ Programming	4	05-28-2007 10:56 PM
Question type program for beginners	Kirdra	C++ Programming	7	09-15-2002 05:10 AM
what does this warningmean???	kreyes	C Programming	5	03-04-2002 07:53 AM