Created
December 31, 2017 15:23
-
-
Save artem-smotrakov/7fc2d7390f99974b6a663d77d198a739 to your computer and use it in GitHub Desktop.
An example of a global buffer overflow with reading sensitive data, see more on https://blog.gypsyengineer.com/fun/security/global-buffer-overflows.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| char secret[32]; | |
| char public[32]; | |
| void print_strings(char *buffer, int len) { | |
| for (int i=0; i<len; i++) { | |
| if (buffer[i] != 0) { | |
| printf("%c", buffer[i]); | |
| } | |
| } | |
| printf("\n"); | |
| } | |
| int main(int argc, char **argv) { | |
| if(argc < 2) { | |
| printf("no parameters specified\n"); | |
| exit(-1); | |
| } | |
| strcpy(secret, "This is a secret"); | |
| strcpy(public, "This is public data"); | |
| // convert first parameter to an integer | |
| int len = atoi(argv[1]); | |
| // allocate a local buffer | |
| // reserve one byte for \0 symbol | |
| char buffer[len+1]; | |
| // global buffer overread may occur here | |
| // if `len` is more than length of `public` | |
| memcpy(buffer, public, len); | |
| buffer[len] = 0; | |
| print_strings(buffer, len); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment