Date: Mon, 18 Oct 2004 03:01:18 +0300 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Jason Dusek <jason-dusek@uiowa.edu> Cc: freebsd-questions@freebsd.org Subject: Re: No Buffer Overflow Message-ID: <20041018000118.GB664@gothmog.gr> In-Reply-To: <4172F3D2.8040200@uiowa.edu> References: <4172F3D2.8040200@uiowa.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2004-10-17 17:36, Jason Dusek <jason-dusek@uiowa.edu> wrote:
> Hi Everyone,
>
> I am reading an intro to shell-coding, and the following program is used as
> a simple example of vulnerable code:
>
> : int
> : main(int argc, char **argv, char **envp)
> : {
> : char buf[256];
> : strcpy(buf, argv[1]);
> :
> : return 0;
> : }
>
> When I run this code like this:
>
> 18 > vuln
> Segmentation fault (core dumped)
>
> it segfaults, like the tutorial says.
This invocation of the program segfaults because it tries to dereference a
NULL pointer while strcpy() runs.
> In the tutorial this line:
> 19 > vuln `perl -e 'print "A"x256 . "BBBB" . "CCCC"'`
>
> also segfaults, but not on my machine. Is this some FreeBSD security
> feature? If this doesn't cause a segfault, does it still overflow?
The overflow still occurs. You just happen to be overwriting random stack
data. By invoking undefined behavior, after writing past the end of an array,
you shouldn't expect to get predictable results; not even a segmentation fault
is guaranteed.
- Giorgos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041018000118.GB664>