Skip to content

Instantly share code, notes, and snippets.

@rexim
Last active Jul 2, 2022
Embed
What would you like to do?
The Most Memory Safe Buffer Overflow in Rust!
// The Most Memory Safe Buffer Overflow in Rust!
//
// Consider all the code below under Public Domain
//
// How to build:
// $ rustc main.rs
//
// Wrong password:
// $ printf "hello\n" | ./main
//
// Right password:
// $ printf "password\n" | ./main
//
// Universal password:
// $ printf "aaaaaaaaaaaaaa\0aaaaaaaaaaaaaa\0" | ./main
//
// Support Rust Recovery Foundation: https://rustrecoveryfoundation.neocities.org/
use std::io::{BufRead, Write};
const BUF_CAP: usize = 15;
type Ptr = usize;
fn alloc_buffer(mem: &mut Vec::<char>, size: usize) -> Ptr {
let result = mem.len();
for _ in 0..size {
mem.push(' ')
}
result
}
fn alloc_str(mem: &mut Vec<char>, s: &str) -> Ptr {
let result = mem.len();
for c in s.chars() {
mem.push(c)
}
mem.push('\0');
result
}
fn read_line_into_buffer(input: &mut impl BufRead, mem: &mut Vec<char>, buf: Ptr) {
let mut s = String::new();
let n = input.read_line(&mut s).unwrap();
for (i, c) in s.chars().enumerate() {
mem[buf + i] = c;
}
if mem[buf + n - 1] == '\n' {
mem[buf + n - 1] = '\0'
} else {
mem[buf + n] = '\0';
}
}
fn streq(mem: &Vec<char>, mut s1: Ptr, mut s2: Ptr) -> bool {
while mem[s1] != '\0' && mem[s2] != '\0' {
if mem[s1] != mem[s2] {
return false;
}
s1 += 1;
s2 += 1;
}
mem[s1] == '\0' && mem[s2] == '\0'
}
fn main() {
let mut mem = Vec::<char>::new();
let buffer = alloc_buffer(&mut mem, BUF_CAP);
let password = alloc_str(&mut mem, "password");
alloc_buffer(&mut mem, BUF_CAP);
print!("Password: ");
std::io::stdout().flush().unwrap();
read_line_into_buffer(&mut std::io::stdin().lock(), &mut mem, buffer);
if streq(&mem, buffer, password) {
println!("Access Granted!")
} else {
println!("Access Denied!")
}
}
@rexim
Copy link
Author

rexim commented Feb 19, 2022

People on the Internet say that this does not prove that Rust is memory unsafe. I have no idea why they think that this is to prove unsafety of Rust. I explicitly said that this is The Most Memory Safe Buffer Overflow in Rust. Read the description carefully.

@ElectronicRU
Copy link

ElectronicRU commented Feb 21, 2022

found it from the mention in your brainfuck video, excellent shitpost

@lovelymono
Copy link

lovelymono commented May 21, 2022

It's not really buffer overflow though, is it? That's just an ordinary buffer reuse, you can do that in any language >.>

@ElectronicRU
Copy link

ElectronicRU commented May 21, 2022

It's not really buffer overflow though, is it? That's just an ordinary buffer reuse, you can do that in any language >.>

It's an overflow of a logically allocated sub-buffer. It leads to the same kinds of bugs and vulnerabilities.
Of course, it's kinda like doing things the hard wrong way on purpose, but it goes to show that Rust merely makes it harder to have buffer overflows, but it can't stop you if you're brave enough.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment