LinuxQuestions.org
Old 02-01-2010, 12:30 PM   #1
primenu
LQ Newbie
 
Registered: Oct 2009
Posts: 13
Blog Entries: 1

Heap overflow:..


I came across this piece of code in an article while trying to understand what was causing segmentation faults and other problems in my program. The help article puts this code as a challenge, and if I can't figure out what's wrong in this code, I definitely can't understand the further discussion.
Can I get any help?

#include <stdio.h>
int main(int argc, char **argv)
{
char *buf1, *buf2, *buf3;
if(argc == 1) {
printf("\nThis program takes a string as an arguement.\n");
return(0);
}
buf1 = (char *) malloc(56);
buf2 = (char *) malloc(56);
buf3 = (char *) malloc(56);

strcpy(buf2,"CCCCCCCCCCCCCCCC");
strcpy(buf1, argv[1]);

printf("\n%s\n", buf1);

free(buf2);
free(buf1);

strcpy(buf3, "END OF PROGRAM");
printf("\n%s\n", buf3);

free(buf3);
return(0);
}
 
Old 02-01-2010, 12:41 PM   #2
johnsfine
Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,107

When you post code, you should use code tags to make the code more readable.

If you are asking a question about something you read online, please post the URL of the original. Otherwise we are left guessing about what you might have quoted out of context.

In the code you posted, I noticed only the lack of defensive programming. The code could seg fault if the size of the input (the command line argument) is larger than expected.
 
Old 02-01-2010, 12:46 PM   #3
a4z
Member
 
Registered: Feb 2009
Posts: 444

strcpy(buf1, argv[1]);

./myprog anargwithmorethan56charswillcauseasegmentationfaultbecauseitistolongforbuf1soyoubettercheckthis

or use strncpy(buf1, argv[1], 56);
 
Old 02-01-2010, 12:55 PM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Firstly, post code in code blocks to retain indentation.
Code:
#include <stdio.h>                          
#include <stdlib.h>                         
#include <string.h>                         

int
main (int argc, char **argv)
{
  char *buf1, *buf2, *buf3;
  if (argc == 1)
    {
      printf ("\nThis program takes a string as an arguement.\n");
      return (0);
    }
  buf1 = (char *) malloc (56);
  buf2 = (char *) malloc (56);
  buf3 = (char *) malloc (56);

  strcpy (buf2, "CCCCCCCCCCCCCCCC");
  strcpy (buf1, argv[1]);

  printf ("\n%s\n", buf1);

  free (buf2);
  free (buf1);

  strcpy (buf3, "END OF PROGRAM");
  printf ("\n%s\n", buf3);

  free (buf3);
  return (0);
}
The c library functions have their own manpages. At the top, the header files are listed.
Entering the program and trying to compile it would have provided enough feedback to
know that you didn't include needed include files.

This will get you started. Do you see any more problems?
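The unbounded strcpy in the original program and the strncpy suggestion in post #3 both deserve a concrete check. The following is an added example, not code from any of the posters or from the article the OP was reading. It keeps the thread's three 56-byte malloc'd buffers and the "CCCC..." marker, replaces strcpy with a bounded copy that always NUL-terminates and reports truncation, and includes a small probe showing that a bare strncpy(buf, src, 56) leaves no terminator when the source is 56 bytes or longer. The function names copy_bounded, strncpy_is_terminated and run_bounded are my own, and the comment about where the original overflow lands describes typical allocator layout, not something measured on a particular system.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 56   /* same allocation size as the thread's example */

/* Bounded copy that always NUL-terminates dst.
 * Returns 0 when src fit, -1 when it was truncated to dst_size-1 bytes. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0)
        return -1;
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);          /* len + 1 includes the terminator */
    return 0;
}

/* Probe for the strncpy pitfall: strncpy(dst, src, n) writes no terminator
 * when strlen(src) >= n, so a later printf("%s", dst) reads past the buffer.
 * Returns 1 if the copied result is NUL-terminated within size bytes,
 * 0 if it is not, -1 on allocation failure. */
int strncpy_is_terminated(const char *src, size_t size)
{
    char *buf = malloc(size);
    if (buf == NULL)
        return -1;
    strncpy(buf, src, size);
    int terminated = memchr(buf, '\0', size) != NULL;
    free(buf);
    return terminated;
}

/* The thread's program with the unbounded strcpy replaced by copy_bounded.
 * Returns 0 if arg fit in buf1, 1 if arg was truncated, -1 on allocation
 * failure or if the marker in buf2 was damaged (which the bounded copy
 * cannot do; the check is there to contrast with the original strcpy). */
int run_bounded(const char *arg)
{
    static const char marker[] = "CCCCCCCCCCCCCCCC";
    char *buf1 = malloc(BUF_SIZE);
    char *buf2 = malloc(BUF_SIZE);
    char *buf3 = malloc(BUF_SIZE);
    int rc = -1;
    int truncated = 0;

    if (buf1 == NULL || buf2 == NULL || buf3 == NULL)
        goto out;

    strcpy(buf2, marker);                      /* 17 bytes, fits in 56 */
    truncated = copy_bounded(buf1, BUF_SIZE, arg) != 0;

    /* With the original strcpy(buf1, argv[1]), an argument of 56 bytes or
     * more runs off the end of buf1; on a typical allocator the bytes land
     * in the chunk bookkeeping and in buf2, which sit right after buf1. */
    if (strcmp(buf2, marker) != 0)
        goto out;                              /* heap corruption detected */

    copy_bounded(buf3, BUF_SIZE, "END OF PROGRAM");
    rc = truncated ? 1 : 0;
out:
    free(buf3);
    free(buf2);
    free(buf1);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    int rc = run_bounded(argv[1]);
    printf("run_bounded: %d (0 = fit, 1 = truncated, -1 = error)\n", rc);
    return rc < 0;
}
```

Build with `cc -std=c99 -Wall -o bounded bounded.c` and run `./bounded <string>`; a string of 55 characters or fewer returns 0, anything longer is truncated and returns 1, and buf2 survives either way. Note that in the original program the crash usually does not happen at the strcpy itself but later, at free(buf2) or free(buf1), once the allocator reads the bookkeeping the overflow overwrote, which is why it segfaults well after the bad copy.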
 
Old 02-01-2010, 03:01 PM   #5
primenu
LQ Newbie
 
Registered: Oct 2009
Posts: 13
Blog Entries: 1

Original Poster
Thanks to you all for the suggestions. Notes taken for clear and properly indented questions from next time.

Last edited by primenu; 02-01-2010 at 04:30 PM.
 
Old 02-01-2010, 03:45 PM   #6
johnsfine
Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,107

That page was teaching about buffer overflow exploits, not about buffer overflow.

So obviously it needed to assume an audience that fully understands the buffer overflow itself, so the focus could be on how to construct the input ascii data that would exploit the overflow to gain control of the program rather than to seg fault.

I'm sure there are better pages you might find if you are looking for explained examples of common programming errors that lead to seg faults for accidentally out of range input (and may lead to security holes if someone hostile understands your bug well enough to exploit it).
 
Old 02-01-2010, 03:47 PM   #7
David1357
Senior Member
 
Registered: Aug 2007
Location: South Carolina, U.S.A.
Distribution: Ubuntu, Fedora Core, Red Hat, SUSE, Gentoo, DSL, coLinux, uClinux
Posts: 1,302
Blog Entries: 1

Quote:
Originally Posted by primenu View Post
...if I can't figure out what's wrong in this code, I definitely can't understand further discussion.
I read the article from which you got that code. It is self explanatory. It is also an article about how to take advantage of a broken program to execute arbitrary code. In his example, the author shows how to start an instance of "/bin/sh" with the privileges of the broken program.

The article in your link is about cracking. According to the letter of the law, your post violates this forum rule:
Quote:
Originally Posted by jeremy
Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.
Please ask one of the site moderators to help you delete your post.
 
Old 02-01-2010, 04:03 PM   #8
johnsfine
Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,107

Quote:
Originally Posted by David1357 View Post
Please ask one of the site moderators to help you delete your post.
You could just edit your own post to take the link out, assuming you see this before a moderator takes any action.

When I asked you to post that link, I didn't guess that the link would violate forum policy. But sorry about my role in getting you to violate the rules.

I still think it is generally a good idea to post URLs when asking questions about things you read online. But there are exceptions.

There isn't a big difference between a general discussion of how to exploit bugs (to crack security) vs. how to understand security flaws in order to identify and correct them. Since that was a generic lesson (not an exploit of a specific existing bug), I think that link ought to be OK at LQ in an appropriate context. But since security wasn't the point of the OP's question, it may be better to delete the link.

Last edited by johnsfine; 02-01-2010 at 04:12 PM.
 
Old 02-01-2010, 04:30 PM   #9
primenu
LQ Newbie
 
Registered: Oct 2009
Posts: 13
Blog Entries: 1

Original Poster
I was totally unaware of that. I will delete the URL.
 