buffer-overflow

Consequences of this buffer overflow?

↘锁芯ラ Submitted on 2019-11-30 11:03:08
So here I believe I have a small buffer overflow problem I found when reviewing someone else's code. It immediately struck me as incorrect, and potentially dangerous, but admittedly I couldn't explain the ACTUAL consequences of this "mistake", if any. I had written up a test app to demonstrate the error, but found (to my dismay) that it seems to run correctly regardless of the overflow. I want to believe that this is just by chance, but wanted some feedback to determine if my thinking were wrong, or if there truly is a problem here that just isn't showing its head in my test app. The problem

gdb showing different address than in code

左心房为你撑大大i Submitted on 2019-11-30 09:53:15
I am trying to implement a buffer overflow attack and I need to know the address of my buffer that I am trying to overflow. The address that is displayed using GDB is different than if I just did this in the code: Exact code: #include<stdio.h> int main() { char buffer[20]; printf("%p\n", buffer); /* 0xbffff320 */ return 0; } However, in gdb if I do: p &buffer I get: 0xbffff330 Why is there a difference and will it mess up my buffer overflow attack? I have ASLR and stack guard disabled. Thanks. EDIT 1: Even when I step through gdb and it encounters the print line, I get 0xbffff320 as the address

How to skip a line doing a buffer overflow in C

懵懂的女人 Submitted on 2019-11-30 08:22:30
Question: I want to skip a line in C, the line x=1; in the main section using a buffer overflow; however, I don't know why I can not skip the address from 4002f4 to the next address 4002fb in spite of the fact that I am counting 7 bytes from <main+35> to <main+42>. I also have configured the randomization options and the execstack environment in a Debian and AMD environment, but I am still getting x=1; . What is wrong with this procedure? I have used dba to debug the stack and the memory addresses:

How are buffer overflows used to exploit computers?

你离开我真会死。 Submitted on 2019-11-30 06:23:29
Question: How are buffer overflows used to exploit computers? How is one able to execute arbitrary code simply by causing stack or heap overflows? I understand that portions of the program's memory are overwritten that aren't supposed to be, but I don't see how this leads to one executing their own code. Also, must the 3rd party's malicious code be written in the target processor's assembly language? Answer 1: This is the most widely known document on the subject: Smashing the Stack for Fun and Profit However

Format String Attack

旧街凉风 Submitted on 2019-11-29 22:01:07
Question: I have a small C program to be exploited. And I also understood the logic behind the attack to be performed. However, as much as I try, it is just not working for me. #include <stdio.h> #include <stdlib.h> #define SECRET1 0x44 #define SECRET2 0x55 int main(int argc, char *argv[]) { char user_input[100]; int *secret; int int_input; int a, b, c, d; /* other variables, not used here.*/ /* The secret value is stored on the heap */ secret = (int *) malloc(2*sizeof(int)); /* getting the secret */

How can I invoke buffer overflow?

无人久伴 Submitted on 2019-11-29 20:21:52
I got a homework assignment asking me to invoke a function without explicitly calling it, using buffer overflow. The code is basically this: #include <stdio.h> #include <stdlib.h> void g() { printf("now inside g()!\n"); } void f() { printf("now inside f()!\n"); /* can only modify this section */ /* can't call g(), maybe use g (pointer to function) */ } int main (int argc, char *argv[]) { f(); return 0; } Though I'm not sure how to proceed. I thought about changing the return address for the program counter so that it'll proceed directly to the address of g(), but I'm not sure how to access it. Anyway

Consequences of this buffer overflow?

喜你入骨 Submitted on 2019-11-29 17:01:46
Question: So here I believe I have a small buffer overflow problem I found when reviewing someone else's code. It immediately struck me as incorrect, and potentially dangerous, but admittedly I couldn't explain the ACTUAL consequences of this "mistake", if any. I had written up a test app to demonstrate the error, but found (to my dismay) that it seems to run correctly regardless of the overflow. I want to believe that this is just by chance, but wanted some feedback to determine if my thinking were

gdb showing different address than in code

淺唱寂寞╮ Submitted on 2019-11-29 15:29:04
Question: I am trying to implement a buffer overflow attack and I need to know the address of my buffer that I am trying to overflow. The address that is displayed using GDB is different than if I just did this in the code: Exact code: #include<stdio.h> int main() { char buffer[20]; printf("%p\n", buffer); /* 0xbffff320 */ return 0; } However, in gdb if I do: p &buffer I get: 0xbffff330 Why is there a difference and will it mess up my buffer overflow attack? I have ASLR and stack guard disabled. Thanks.

Buffer Overflow not working

北战南征 Submitted on 2019-11-29 14:06:47
I was trying to do a buffer overflow (I'm using Linux) on a simple program that requires a password. Here's the program code: #include <stdio.h> #include <stdlib.h> #include <string.h> int check_authentication(char *password){ int auth_flag = 0; char password_buffer[16]; strcpy(password_buffer, password); if(strcmp(password_buffer, "pass1") == 0) auth_flag = 1; if(strcmp(password_buffer, "pass2") == 0) auth_flag = 1; return auth_flag; } int main(int argc, char **argv) { if(argc < 2){ printf("\t[!] Correct usage: %s <password>\n", argv[0]); exit(0); } if(check_authentication(argv[1])){ printf("

Which stream does “stack smashing detected” message get printed to?

隐身守侯 Submitted on 2019-11-29 12:13:22
Consider the following very basic program, which has appeared in many forms on other questions here. #include <string.h> int main() { char message[8]; strcpy(message, "Hello, world!"); } On my system, if I put this in a file called Classic.c , compile it with no special flags and run it, I get the following output. $ gcc -o Classic Class.c $ ./Classic *** stack smashing detected ***: ./Classic terminated Aborted (core dumped) Normally, program output goes to stderr or stdout , so I expected that the following would produce no output. ./Classic 2> /dev/null > /dev/null However, the output is