Thread: Find the Security Holes in this code

  1. 04-24-2002 #1
    MassiveAttack
    MassiveAttack is offline
    Registered User
    Join Date
    Apr 2002
    Posts
    1

    Lightbulb Find the Security Holes in this code

    #include<stdio.h>
    #include<stdlib.h>
    #include<sys/time.h>
    struct timeval tp;
    struct timezone tzp;
    main(int argc, char** argv)
    {
    void foo(FILE*);
    void bar();
    FILE* fp;
    char mybuf[1024]="hello";
    char* format="%d:%s\n";
    int i;
    for(i=2;i<argc;i++)
    {
    sleep(15);
    strcat(mybuf, argv[i]);
    if (getenv("DEBUG"))
    {
    fprintf(stderr, format, i, argv[i]);
    setuid(0);
    }
    else
    printf("situation normal-All ****ed UP \n");
    }
    if(argc>2)
    fp=fopen(argv[1], "a+");
    foo(fp);
    }
    else
    {
    bar();
    }
    }


    try to find any security holes in this code or the output.
  2. 04-24-2002 #2
    quzah
    quzah is offline
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    You should use strncat instead of strcat.

    Quzah.
    Hope is the first step on the road to disappointment.
  3. 04-24-2002 #3
    Lynux-Penguin
    Lynux-Penguin is offline
    Comment your source code! Lynux-Penguin's Avatar
    Join Date
    Apr 2002
    Posts
    533
    yes, use strncat instead of strcat because if the buffer is not defined or limited, well if you want to read Phrack's article on
    "Smashing the stack for fun and profit" by aleph1 go right ahead.

    -------
    You forgot the system damaging shellcode to be included in the overflow!
    Asking the right question is sometimes more important than knowing the answer.
    Please read the FAQ
    C Reference Card (A MUST!)
    Pointers and Memory
    The Essentials
    CString lib
  4. 04-24-2002 #4
    Prelude
    Prelude is offline
    Code Goddess Prelude's Avatar
    Join Date
    Sep 2001
    Posts
    9,897
    There are no security holes, the program won't compile with a syntax error.

    -Prelude
    My best code is written with the delete key.
  5. 04-24-2002 #5
    Lynux-Penguin
    Lynux-Penguin is offline
    Comment your source code! Lynux-Penguin's Avatar
    Join Date
    Apr 2002
    Posts
    533
    oh, now that I have read the code and deciphered the purpose. Not only strncat but the fact that it's an argument into buffer is B_A_D! I don't feel like writing alternate code but feel free to check out "Writing secure programs for unix "

    -------------------------
    btw: prelude is right.

    remember to add the "{ " at the end of every "else "
    Last edited by Lynux-Penguin; 04-24-2002 at 06:47 PM.
    Asking the right question is sometimes more important than knowing the answer.
    Please read the FAQ
    C Reference Card (A MUST!)
    Pointers and Memory
    The Essentials
    CString lib
« Previous Thread | Next Thread »
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. code to find th square root of a number
    By CODY21 in forum C++ Programming
    Replies: 34
    Last Post: 10-29-2010, 09:27 AM
  2. << !! Posting Code? Read this First !! >>
    By kermi3 in forum C# Programming
    Replies: 0
    Last Post: 10-14-2002, 01:26 PM
  3. Where to find the code for Header File FUnctions
    By vsriharsha in forum C Programming
    Replies: 1
    Last Post: 04-02-2002, 12:37 PM
  4. Code to find the day type of day in the year?
    By Unregistered in forum C Programming
    Replies: 3
    Last Post: 04-01-2002, 08:58 PM
  5. << !! Posting Code? Read this First !! >>
    By biosx in forum C++ Programming
    Replies: 1
    Last Post: 03-20-2002, 12:51 PM