@murx-
Created November 26, 2020 17:01
Example of a vulnerable program for a blogpost.
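#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* memset */

/* Frees buf. Only a copy of the caller's pointer is visible here, so the
 * caller's pointer still holds the freed address after this returns. */
void vuln(char *buf, char third) {
    /* free() never sets a pointer to NULL, so this check cannot detect an
     * earlier free; buf is NULL here only if malloc() failed. */
    if (buf != NULL) {
        memset(buf, 0, 128);
        buf[1] = 'b';
        buf[2] = third;
        printf("%p\n", (void *)buf);
        free(buf);
        printf("Freed %c", third);
    }
    else
        puts("Already freed!");
}

int main(void) {
    char buf[100];
    ssize_t len = read(0, buf, 99);
    if (len < 0)          /* read error: do not index buf with -1 */
        return 1;
    buf[len] = '\x00';
    char *buf2 = malloc(128);
    /* Any input whose first byte is a digit reaches vuln(), which frees buf2. */
    if (buf[0] == '0')
        vuln(buf2, buf[0]);
    if (buf[0] == '1')
        vuln(buf2, buf[0]);
    if (buf[0] == '2')
        vuln(buf2, buf[0]);
    if (buf[0] == '3')
        vuln(buf2, buf[0]);
    if (buf[0] == '4')
        vuln(buf2, buf[0]);
    if (buf[0] == '5')
        vuln(buf2, buf[0]);
    if (buf[0] == '6')
        vuln(buf2, buf[0]);
    if (buf[0] == '7')
        vuln(buf2, buf[0]);
    if (buf[0] == '8')
        vuln(buf2, buf[0]);
    if (buf[0] == '9')
        vuln(buf2, buf[0]);
    /* The vulnerability: if vuln() ran, buf2 was already freed there,
     * so this call is a double free. */
    free(buf2);
    return 0;
}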
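
A hardened counterpart to the program above, added here as an example and not part of the original gist: the freeing function takes the address of the owner's pointer and clears it, so the NULL check becomes meaningful and the cleanup path cannot free the chunk a second time. The names `release_buf` and `handle_input` and the sample inputs are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hardened form of vuln(): receives the ADDRESS of the
 * owner's pointer so it can be cleared after free(). Returns 1 if this
 * call released the buffer, 0 if it was already released. */
static int release_buf(char **bufp, char third) {
    if (bufp == NULL || *bufp == NULL)
        return 0;                  /* already freed (or never allocated) */
    memset(*bufp, 0, 128);
    (*bufp)[1] = 'b';
    (*bufp)[2] = third;
    free(*bufp);
    *bufp = NULL;                  /* the owner's pointer can no longer dangle */
    return 1;
}

/* Same control flow as main() in the gist, for one leading input byte.
 * Returns how many times the allocation was actually freed (-1 on OOM). */
static int handle_input(char first) {
    char *buf2 = malloc(128);
    int frees = 0;
    if (buf2 == NULL)
        return -1;
    if (isdigit((unsigned char)first))       /* the ten '0'..'9' branches */
        frees += release_buf(&buf2, first);
    if (buf2 != NULL) {                      /* cleanup path, was free(buf2) */
        free(buf2);
        buf2 = NULL;
        frees++;
    }
    return frees;
}

int main(void) {
    const char samples[] = { '0', '7', 'x' };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples; i++)
        printf("input '%c': freed %d time(s)\n", samples[i],
               handle_input(samples[i]));
    return 0;
}
```

Building the original with `-fsanitize=address` makes the second `free` abort with a double-free report, which is a quick way to confirm the difference between the two versions.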