Thread: Making Vulnerable Program Not Vulnerable

  1. #1
    TheCMan
    Guest

    Question Making Vulnerable Program Not Vulnerable

    I have a program in C that is vulnerable to buffer overflow attacks. I need to understand how to make it not vulnerable to these attacks, and why the code added would do so-

    #include <stdio.h>


    #include <string.h>




    int main (int argn, char** argv) {
    char buffer[100];
    int i;
    long *addr_ptr; //a long is guaranteed to be a four-byte word
    strcp(buffer,argv[1]); //copies chars of argv[1] without bound
    addr_ptr = (long *) buffer;
    for (i = 0; i < 35; i++) {
    printf(“%02i:%08x:%08x\n”, //%08x displays hex chars
    i,(unsigned int) addr_ptr, (unsigned int) *addr_ptr);
    addr_ptr++;
    Last edited by TheCMan; 05-17-2019 at 01:36 PM.

  2. #2
    Registered User rstanley's Avatar
    Join Date
    Jun 2014
    Location
    New York, NY
    Posts
    1,106
    You would need to provide a full program, preferably small, that demonstrates the problem.

    Insufficient code to compile, and detect the problem.

  3. #3
    TheCMan
    Guest

    Code:

    Quote Originally Posted by rstanley View Post
    You would need to provide a full program, preferably small, that demonstrates the problem.

    Insufficient code to compile, and detect the problem.
    #include <stdio.h>


    #include <string.h>




    int main (int argn, char** argv) {
    char buffer[100];
    int i;
    long *addr_ptr; //a long is guaranteed to be a four-byte word
    strcp(buffer,argv[1]); //copies chars of argv[1] without bound
    addr_ptr = (long *) buffer;
    for (i = 0; i < 35; i++) {
    printf(“%02i:%08x:%08x\n”, //%08x displays hex chars
    i,(unsigned int) addr_ptr, (unsigned int) *addr_ptr);
    addr_ptr++;

  4. #4
    Registered User rstanley's Avatar
    Join Date
    Jun 2014
    Location
    New York, NY
    Posts
    1,106
    This is just a repeat of what you posted before.

    Your for() loop is not terminated, as well as the main().

    Plus you did not put the code in CODE tags.

  5. #5
    Registered User catacombs's Avatar
    Join Date
    May 2019
    Location
    /home/
    Posts
    81
    Please format your code so we can read it:

    Code:
    #include <stdio.h>
    #include <string.h>
    
    int main (int argn, char** argv)    {
    char buffer[100];
        int i;
        long *addr_ptr;             //a long is guaranteed to be a four-byte word
        strcp(buffer,argv[1]);    //copies chars of argv[1] without bound
        addr_ptr = (long *) buffer;
        for    (i = 0;    i < 35;    i++)    {
            printf(“%02i:%08x:%08x\n”,    //%08x displays hex chars
                i,(unsigned int) addr_ptr, (unsigned int) *addr_ptr);
            addr_ptr++;

  6. #6
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    You probably meant to call strcpy rather than strcp, and so there's an obvious buffer overflow vulnerability there: argv[1] is user input, so you can't go willy nilly copying all of it into a fixed size array without knowing how long it is.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  7. #7
    TheCMan
    Guest
    Code:
    #include <stdio.h>
    #include <string.h>
    
    int main (int argn, char** argv)    {
    char buffer[100];
        int i;
        long *addr_ptr;             //a long is guaranteed to be a four-byte word
        strcpy(buffer,argv[1]);    //copies chars of argv[1] without bound
        addr_ptr = (long *) buffer;
        for    (i = 0;    i < 35;    i++)    {
            printf(“%02i:%08x:%08x\n”,    //%08x displays hex chars
                i,(unsigned int) addr_ptr, (unsigned int) *addr_ptr);
            addr_ptr++;
        }
    }
    
    Sorry, here is the formatted code. And yes it is strcpy, sorry that was a typo.
    Last edited by TheCMan; 05-17-2019 at 03:08 PM.

  8. #8
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    Besides strcpy, other things to ask yourself:
    • Since a pointer is used to reinterpret a sequence of characters, will the alignment always work out? In this case, will there always be enough bytes to make up an entire long?
    • Will the loop loop out of bounds?
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  9. #9
    Registered User catacombs's Avatar
    Join Date
    May 2019
    Location
    /home/
    Posts
    81
    Quote Originally Posted by TheCMan View Post
    Code:
    #include <stdio.h>
    #include <string.h>
    
    int main (int argn, char** argv)    {
    char buffer[100];
        int i;
        long *addr_ptr;             //a long is guaranteed to be a four-byte word
        strcpy(buffer,argv[1]);    //copies chars of argv[1] without bound
        addr_ptr = (long *) buffer;
        for    (i = 0;    i < 35;    i++)    {
            printf(“%02i:%08x:%08x\n”,    //%08x displays hex chars
                i,(unsigned int) addr_ptr, (unsigned int) *addr_ptr);
            addr_ptr++;
        }
    }
    
    Sorry, here is the formatted code. And yes it is strcpy, sorry that was a typo.
    No problem, mate

  10. #10
    TheCMan
    Guest
    Any idea on what needs to be done to make this not vulnerable?

  11. #11
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    Come on, you need to do some thinking. I've outlined to you some of what to look out for, so start analysing based on that.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  12. #12
    TheCMan
    Guest
    Quote Originally Posted by laserlight View Post
    Come on, you need to do some thinking. I've outlined to you some of what to look out for, so start analysing based on that.
    If I hadn't thought it over multiple times trying to figure it out , I would not be posting the question here.

  13. #13
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    Did you think of the points I mentioned?
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  14. #14
    Registered User
    Join Date
    May 2009
    Posts
    4,183
    "...a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match.." Bill Bryson

  15. #15
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    Also, think of how you can avoid using strcpy altogether.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Need help making a program in C
    By 8494 in forum C Programming
    Replies: 1
    Last Post: 10-09-2015, 11:20 PM
  2. Help making a program
    By XtC10 in forum C++ Programming
    Replies: 9
    Last Post: 08-13-2010, 09:41 AM
  3. system() vulnerable to a buffer overflow?
    By Loic in forum C Programming
    Replies: 19
    Last Post: 08-12-2008, 05:33 PM
  4. Making a program that makes a program?
    By C-isCool in forum C Programming
    Replies: 3
    Last Post: 07-06-2007, 07:12 PM
  5. making a program leave a msg for background program when it closes
    By superflygizmo in forum Windows Programming
    Replies: 2
    Last Post: 02-06-2006, 07:44 PM

Tags for this Thread