mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-22 10:53:03 +00:00
Update README.md
This commit is contained in:
parent
bf90ce0f45
commit
119eb4e363
1 changed files with 78 additions and 0 deletions
|
@ -42,3 +42,81 @@ For 64 bit systems
|
||||||
gcc vuln.c -o vuln -fno-stack-protector -m32
|
gcc vuln.c -o vuln -fno-stack-protector -m32
|
||||||
```
|
```
|
||||||
`-fno-stack-protector` disabled the stack protection. Smashing the stack is now allowed. `-m32` made sure that the compiled binary is 32 bit. You may need to install some additional libraries to compile 32 bit binaries on 64 bit machines.
|
`-fno-stack-protector` disabled the stack protection. Smashing the stack is now allowed. `-m32` made sure that the compiled binary is 32 bit. You may need to install some additional libraries to compile 32 bit binaries on 64 bit machines.
|
||||||
|
|
||||||
|
## Additional Examples and References
|
||||||
|
|
||||||
|
A buffer overflow is a type of software vulnerability that occurs when a program attempts to store more data in a buffer (a temporary storage area) than it can hold. This can cause the extra data to overflow into adjacent memory locations, potentially overwriting important data or instructions.
|
||||||
|
|
||||||
|
Here is another example of a buffer overflow in C:
|
||||||
|
|
||||||
|
```
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
int main(int argc, char* argv[]) {
|
||||||
|
char buffer[5]; // Declare a buffer with a size of 5 bytes
|
||||||
|
strcpy(buffer, argv[1]); // Copy the first command line argument into the buffer
|
||||||
|
printf("%s\n", buffer); // Print the contents of the buffer
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
In this example, the program declares a `buffer` of size 5 bytes and uses the `strcpy` function to copy the first command line argument into the buffer. However, if the command line argument is longer than 5 bytes, the `strcpy` function will copy all the characters of the argument into the buffer, causing the extra characters to overflow into adjacent memory locations.
|
||||||
|
|
||||||
|
A malicious attacker could exploit this vulnerability by providing a long string as an argument to the program, which can cause the program to crash or execute arbitrary code.
|
||||||
|
|
||||||
|
Another example:
|
||||||
|
|
||||||
|
```
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
void vulnerable_function(char* user_input) {
|
||||||
|
char buffer[10];
|
||||||
|
strcpy(buffer, user_input); // copy user input into the buffer
|
||||||
|
printf("Input: %s\n", buffer);
|
||||||
|
}
|
||||||
|
|
||||||
|
int main(int argc, char* argv[]) {
|
||||||
|
vulnerable_function(argv[1]);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
In this example, the program has a function called `vulnerable_function` which takes a single argument, a string of user input. The function then declares a buffer of size 10 bytes and uses the `strcpy` function to copy the user input into the buffer.
|
||||||
|
|
||||||
|
However, if the user input is longer than 10 bytes, the `strcpy` function will copy all the characters of the input into the buffer, causing the extra characters to overflow into adjacent memory locations.
|
||||||
|
|
||||||
|
A malicious attacker could exploit this vulnerability by providing a long string as an argument to the program when it is executed, which can cause the program to crash or execute arbitrary code.
|
||||||
|
|
||||||
|
There are several ways to fix a buffer overflow vulnerability. Here are a few examples:
|
||||||
|
|
||||||
|
- Using a different function: Instead of using the `strcpy` function, which does not check for buffer overflow, you can use a function like `strncpy` which takes an additional argument specifying the maximum number of bytes to be copied. This can prevent overflowing the buffer.
|
||||||
|
|
||||||
|
```
|
||||||
|
strncpy(buffer, user_input, sizeof(buffer) - 1);
|
||||||
|
buffer[sizeof(buffer) - 1] = '\0';
|
||||||
|
```
|
||||||
|
|
||||||
|
- Using a library function: You can use a library function like `snprintf` which can be used to write a limited number of characters to a buffer, making sure that the buffer is not overflown.
|
||||||
|
|
||||||
|
```
|
||||||
|
snprintf(buffer, sizeof(buffer), "%s", user_input);
|
||||||
|
```
|
||||||
|
|
||||||
|
- Input validation: You can validate the user input before it is copied into the buffer, checking if the length of the input is less than the size of the buffer.
|
||||||
|
|
||||||
|
```
|
||||||
|
if (strlen(user_input) < sizeof(buffer)) {
|
||||||
|
strcpy(buffer, user_input);
|
||||||
|
} else {
|
||||||
|
printf("Error: input too long\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
- Using a safer data type: You can use a safer data type like std::string in C++, which automatically handles buffer overflow and other security issues.
|
||||||
|
|
||||||
|
```
|
||||||
|
std::string buffer;
|
||||||
|
buffer = user_input;
|
||||||
|
```
|
||||||
|
|
||||||
|
It is important to remember that buffer overflow vulnerabilities can have serious security implications, so it is essential to ensure that your code is free of such vulnerabilities.
|
||||||
|
|
Loading…
Reference in a new issue