buffer-overflow

Writing Secure C and Secure C Idioms

爷,独闯天下 submitted on 2019-11-26 23:50:06
Question: "The average man does not want to be free. He simply wants to be safe." - H. L. Mencken I am attempting to write very secure C. Below I list some of the techniques I use and ask whether they are as secure as I think they are. Please don't hesitate to tear my code/preconceptions to shreds. Any answer that finds even the most trivial vulnerability or teaches me a new idea will be highly valued. Reading from a stream: According to the GNU C Programming Tutorial getline: The getline function will

Overflow over scanf(“%8s”, string)?

白昼怎懂夜的黑 submitted on 2019-11-26 21:41:39
Question: I know it's possible to overflow ordinary code: char string[9]; scanf("%s", string). But is it possible to overflow scanf("%8s", string)? 8 is just an example. I know "%8s" works like a delimiter, but I also notice when I input a string longer than 8 chars, the program will terminate due to: *** stack smashing detected ***: ./a.out terminated ======= Backtrace: ========= ... Obviously there's a flag that detects stack smashing turned on by GCC by default. Since this is a stack smashing, then my

Buffer overflow works in gdb but not without it

风流意气都作罢 submitted on 2019-11-26 21:23:22
I am on CentOS 6.4 32 bit and am trying to cause a buffer overflow in a program. Within GDB it works. Here is the output: [root@localhost bufferoverflow]# gdb stack GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1) Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i686-redhat-linux-gnu". For bug reporting

How to turn off gcc compiler optimization to enable buffer overflow

浪子不回头ぞ submitted on 2019-11-26 21:15:13
I'm working on a homework problem that requires disabling compiler optimization protection for it to work. I'm using gcc 4.4.1 on Ubuntu Linux, but can't figure out which flags are the right ones. I realize it's architecture dependent - my machine runs w/ a 32-bit Intel processor. Thanks. rook: That's a good problem. In order to solve that problem you will also have to disable ASLR, otherwise the address of g() will be unpredictable. Disable ASLR: sudo bash -c 'echo 0 > /proc/sys/kernel/randomize_va_space' Disable canaries: gcc overflow.c -o overflow -fno-stack-protector After canaries and

How to determine the size of an allocated C buffer? [duplicate]

我只是一个虾纸丫 submitted on 2019-11-26 20:58:24
Question: This question already has answers here: How can I get the size of a memory block allocated using malloc()? [duplicate] (9 answers) Closed 9 months ago. I have a buffer and want to do a test to see if the buffer has sufficient capacity, i.e. find the number of elements I can add to the buffer. char *buffer = (char *)malloc(sizeof(char) * 10); Doing an int numElements = sizeof(buffer); does not return 10, any ideas on how I can accomplish this? Answer 1: buffer is just a pointer without size information

Does Java have buffer overflows?

ⅰ亾dé卋堺 submitted on 2019-11-26 20:10:35
Does Java have buffer overflows? If yes can you give me scenarios? Since Java Strings are based on char arrays and Java automatically checks array bounds, buffer overflows are only possible in unusual scenarios: If you call native code via JNI In the JVM itself (usually written in C++) The interpreter or JIT compiler does not work correctly (Java bytecode mandated bounds checks) Managed languages such as Java and C# do not have these problems, but the specific virtual machines (JVM/CLR/etc) which actually run the code may. For all intents and purposes, no. Java has array bounds checking which

buffer overflow example from Art of Exploitation book

南笙酒味 submitted on 2019-11-26 18:14:37
Question: I was reading this book Art of Exploitation, which is a kinda good book, and I ran across that example from the exploit_notesearch.c file. Briefly, the author tries to overflow the program from notesearch.c int main(int argc, char *argv[]) { int userid, printing=1, fd; char searchstring[100]; if(argc > 1) // If there is an arg strcpy(searchstring, argv[1]); else // otherwise, searchstring[0] = 0; The argument of the main function is copied to the searchstring array and if the argument is bigger than 100

How can I use strncat without buffer overflow concerns?

ぐ巨炮叔叔 submitted on 2019-11-26 16:32:40
Question: I have a buffer, and I am doing a lot of strncat. I want to make sure I never overflow the buffer size. char buff[64]; strcpy(buff, "String 1"); strncat(buff, "String 2", sizeof(buff)); strncat(buff, "String 3", sizeof(buff)); Instead of sizeof(buff), I want to say something like buff - xxx. I want to make sure I never override the buffer Answer 1: Take into consideration the size of the existing string and the null terminator #define BUFFER_SIZE 64 char buff[BUFFER_SIZE]; //Use strncpy strncpy(buff, "String

Why is the fgets function deprecated?

夙愿已清 submitted on 2019-11-26 11:03:57
Question: From The GNU C Programming Tutorial: The fgets ("file get string") function is similar to the gets function. This function is deprecated -- that means it is obsolete and it is strongly suggested you do not use it -- because it is dangerous. It is dangerous because if the input data contains a null character, you can't tell. Don't use fgets unless you know the data cannot contain a null. Don't use it to read files edited by the user because, if the user inserts a null character, you

What is a buffer overflow and how do I cause one?

梦想的初衷 submitted on 2019-11-26 10:31:35
Question: I have heard about a buffer overflow and I would like to know how to cause one. Can someone show me a small buffer overflow example? (And what are they used for?) Answer 1: A buffer overflow is basically when a crafted section (or buffer) of memory is written outside of its intended bounds. If an attacker can manage to make this happen from outside of a program it can cause security problems as it could potentially allow them to manipulate arbitrary memory locations, although many modern