Created
December 31, 2017 15:21
-
-
Save artem-smotrakov/b5ec30cd841cac298d60fbf39e43a5b7 to your computer and use it in GitHub Desktop.
Overwriting a function pointer in global memory, see detail on https://blog.gypsyengineer.com/fun/security/global-buffer-overflows.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| void do_something(void) { | |
| printf("this is not a secret\n"); | |
| } | |
| void print_secret(void) { | |
| printf("this is a secret\n"); | |
| } | |
| // uninitialized function pointer | |
| void (*func)(void); | |
| // a buffer for password | |
| char buffer[16]; | |
| int main(int argc, char **argv) { | |
| if(argc < 2) { | |
| printf("pass a password\n"); | |
| exit(-1); | |
| } | |
| func = &do_something; | |
| // copy pass phrase to the buffer | |
| strcpy(buffer, argv[1]); | |
| // check if the password is correct | |
| if (strcmp(buffer, "password") == 0) { | |
| printf("access granted\n"); | |
| func = &print_secret; | |
| } | |
| func(); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment