-
-
Save Elkamika/ee6846a5e1e934c8dd8ee3705e008317 to your computer and use it in GitHub Desktop.
Demo heap buffer overflow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#define MAX_USERS 3 | |
#define MAX_NAME 10 | |
#define MAX_PASSWD 10 | |
struct user_info | |
{ | |
char user_name[MAX_NAME]; | |
char user_pass[MAX_PASSWD]; | |
unsigned user_logged; | |
}; | |
struct user_db | |
{ | |
char name[MAX_NAME]; | |
char passwd[MAX_PASSWD]; | |
}; | |
struct user_db users[MAX_USERS] = | |
{ | |
[0].name = "john", | |
[0].passwd = "1234", | |
[1].name = "rabe", | |
[1].passwd = "2000", | |
[2].name = "safidy", | |
[2].passwd = "3000" | |
}; | |
static void list_users (void) | |
{ | |
for (unsigned i = 0; i < MAX_USERS; i++) | |
printf("user %u %s\n", i, users[i].name); | |
} | |
static struct user_info * user_info_alloc(void) | |
{ | |
struct user_info *uinfo = NULL; | |
uinfo = (struct user_info *)malloc(sizeof(struct user_info )); | |
if (!uinfo) | |
return NULL; | |
memset(uinfo, 0x0, sizeof(struct user_info)); | |
return uinfo; | |
} | |
static void user_info_check(struct user_info *uinfo) | |
{ | |
struct user_db *bdinfo = NULL; | |
/* Search for a user in the database */ | |
for (unsigned i = 0; i < MAX_USERS; i++) { | |
if (!strcmp(users[i].name, uinfo->user_name)) | |
bdinfo = &users[i]; | |
} | |
/* No user found, */ | |
if (!bdinfo) | |
return; | |
/* Compare the user provided password to the one stored in the database */ | |
if (!strcmp(bdinfo->passwd, uinfo->user_pass)) | |
uinfo->user_logged = 1; | |
} | |
int main(int argc, char const *argv[]) | |
{ | |
puts("******************WELCOM TO CloudC****************\n"); | |
puts("Please, Enter your credentials to log in\n"); | |
struct user_info * uinfo = user_info_alloc(); | |
if (!uinfo) { | |
puts("cannot allocate user info\n"); | |
return 1; | |
} | |
printf("Username: "); | |
gets(&uinfo->user_name); | |
puts(""); | |
printf("Password: "); | |
gets(&uinfo->user_pass); | |
user_info_check(uinfo); | |
puts(""); | |
if (uinfo->user_logged) | |
printf("User %s successfully logged in\n", uinfo->user_name); | |
puts(""); | |
free(uinfo); | |
return 0; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment