C bufferoverflow question. can anyone solve it?

This is a discussion on C bufferoverflow question. can anyone solve it? within the Linux Programming forums, part of the Platform Specific Boards category; Consider the following C program: Code: void func(char * str) { char buff[16]; strcpy(buff,str); } void main(int argc, char * ...

  1. #1
    Registered User
    Join Date
    Nov 2009
    Posts
    1

    C bufferoverflow question. can anyone solve it?

    Consider the following C program:
    Code:
    void func(char * str)
    {
    char buff[16];
    strcpy(buff,str);
    }
    void main(int argc, char * argv[])
    {
    int check = 1;
    func(argv);
    if(check == 1)
    {
    printf(“check should be 1 (%d)\n”,check);
    } else
    {
    Printf(“check should not be 1 (%d)\n”,check);
    }
    }
    Q1. Mount buffer overflow attack on the given program and corrupt the variable “check” with the value 25.

    After the buffer overflow attack the output of the program should be the following:

    check should not be 1 (25)

    Q2. Mount buffer overflow attack on the given program and bypass the “if” condition.

    After the buffer overflow attack the output of the program should be the following:
    check should not be 1 (1)

    Q3. Increase the size of the buffer “buff” to as much as you want. Mount a buffer overflow attack and make the program execute a shell (“/bin/bash”).

  2. #2
    Guest Sebastiani's Avatar
    Join Date
    Aug 2001
    Location
    Waterloo, Texas
    Posts
    5,600
    Hint: why wouldn't this be vulnerable to a buffer overflow?

    Code:
    #include<stdio.h>
    #include<stdlib.h>
    #include<string.h>
    
    #define CONSTANT 2
    
    int main( int argc, char** argv )
    {
    	int unused = CONSTANT;
    	char buffer[ CONSTANT ];
    	if( argc != 2 )
    	{
    		printf( "Overflow This!\n" );
    		printf( "Usage: %s <text>\n", *argv );
    		return EXIT_FAILURE;
    	}
    	strncpy( buffer, argv[ 1 ], sizeof( buffer ) );
    	buffer[ sizeof( buffer ) - 1 ] = 0; 
    	printf( "Unused = %d, Buffer: '%s'\n", unused, buffer );	
    	return EXIT_SUCCESS;
    }
    If you can answer that, then you can answer the original questions, I think.

  3. #3
    Registered User
    Join Date
    Nov 2008
    Posts
    75
    Quote Originally Posted by asdfgh View Post
    Consider the following C program:
    Code:
    void func(char * str)
    {
    char buff[16];
    strcpy(buff,str);
    }
    void main(int argc, char * argv[])
    {
    int check = 1;
    func(argv);
    if(check == 1)
    {
    printf(“check should be 1 (%d)\n”,check);
    } else
    {
    Printf(“check should not be 1 (%d)\n”,check);
    }
    }
    Q1. Mount buffer overflow attack on the given program and corrupt the variable “check” with the value 25.

    After the buffer overflow attack the output of the program should be the following:

    check should not be 1 (25)

    Q2. Mount buffer overflow attack on the given program and bypass the “if” condition.

    After the buffer overflow attack the output of the program should be the following:
    check should not be 1 (1)

    Q3. Increase the size of the buffer “buff” to as much as you want. Mount a buffer overflow attack and make the program execute a shell (“/bin/bash”).
    Are you sure that your code isn't like this instead: func(argv[1]); ?

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. another do while question
    By kbpsu in forum C++ Programming
    Replies: 3
    Last Post: 03-23-2009, 12:14 PM
  2. Design layer question
    By mdoland in forum C# Programming
    Replies: 0
    Last Post: 10-19-2007, 04:22 AM
  3. A question on Pointers & Structs
    By FJ8II in forum C++ Programming
    Replies: 4
    Last Post: 05-28-2007, 10:56 PM
  4. Question type program for beginners
    By Kirdra in forum C++ Programming
    Replies: 7
    Last Post: 09-15-2002, 05:10 AM
  5. what does this warningmean???
    By kreyes in forum C Programming
    Replies: 5
    Last Post: 03-04-2002, 06:53 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21