The Most Memory Safe Buffer Overflow in Rust!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // The Most Memory Safe Buffer Overflow in Rust! | |
| // | |
| // Consider all the code below under Public Domain | |
| // | |
| // How to build: | |
| // $ rustc main.rs | |
| // | |
| // Wrong password: | |
| // $ printf "hello\n" | ./main | |
| // | |
| // Right password: | |
| // $ printf "password\n" | ./main | |
| // | |
| // Universal password: | |
| // $ printf "aaaaaaaaaaaaaa\0aaaaaaaaaaaaaa\0" | ./main | |
| // | |
| // Support Rust Recovery Foundation: https://rustrecoveryfoundation.neocities.org/ | |
| use std::io::{BufRead, Write}; | |
| const BUF_CAP: usize = 15; | |
| type Ptr = usize; | |
| fn alloc_buffer(mem: &mut Vec::<char>, size: usize) -> Ptr { | |
| let result = mem.len(); | |
| for _ in 0..size { | |
| mem.push(' ') | |
| } | |
| result | |
| } | |
| fn alloc_str(mem: &mut Vec<char>, s: &str) -> Ptr { | |
| let result = mem.len(); | |
| for c in s.chars() { | |
| mem.push(c) | |
| } | |
| mem.push('\0'); | |
| result | |
| } | |
| fn read_line_into_buffer(input: &mut impl BufRead, mem: &mut Vec<char>, buf: Ptr) { | |
| let mut s = String::new(); | |
| let n = input.read_line(&mut s).unwrap(); | |
| for (i, c) in s.chars().enumerate() { | |
| mem[buf + i] = c; | |
| } | |
| if mem[buf + n - 1] == '\n' { | |
| mem[buf + n - 1] = '\0' | |
| } else { | |
| mem[buf + n] = '\0'; | |
| } | |
| } | |
| fn streq(mem: &Vec<char>, mut s1: Ptr, mut s2: Ptr) -> bool { | |
| while mem[s1] != '\0' && mem[s2] != '\0' { | |
| if mem[s1] != mem[s2] { | |
| return false; | |
| } | |
| s1 += 1; | |
| s2 += 1; | |
| } | |
| mem[s1] == '\0' && mem[s2] == '\0' | |
| } | |
| fn main() { | |
| let mut mem = Vec::<char>::new(); | |
| let buffer = alloc_buffer(&mut mem, BUF_CAP); | |
| let password = alloc_str(&mut mem, "password"); | |
| alloc_buffer(&mut mem, BUF_CAP); | |
| print!("Password: "); | |
| std::io::stdout().flush().unwrap(); | |
| read_line_into_buffer(&mut std::io::stdin().lock(), &mut mem, buffer); | |
| if streq(&mem, buffer, password) { | |
| println!("Access Granted!") | |
| } else { | |
| println!("Access Denied!") | |
| } | |
| } |
found it from the mention in your brainfuck video, excellent shitpost
It's not really buffer overflow though, is it? That's just an ordinary buffer reuse, you can do that in any language >.>
It's not really buffer overflow though, is it? That's just an ordinary buffer reuse, you can do that in any language >.>
It's an overflow of a logically allocated sub-buffer. It leads to the same kinds of bugs and vulnerabilities.
Of course, it's kinda like doing things the hard wrong way on purpose, but it goes to show that Rust merely makes it harder to have buffer overflows, but it can't stop you if you're brave enough.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
People on the Internet say that this does not prove that Rust is memory unsafe. I have no idea why they think that this is to prove unsafety of Rust. I explicitly said that this is The Most Memory Safe Buffer Overflow in Rust. Read the description carefully.