No Buffer Overflow

Giorgos Keramidas keramida at ceid.upatras.gr
Sun Oct 17 17:01:30 PDT 2004


On 2004-10-17 17:36, Jason Dusek <jason-dusek at uiowa.edu> wrote:
> Hi Everyone,
>
> I am reading an intro to shell-coding, and the following program is used as
> a simple example of vulnerable code:
>
> : #include <string.h>
> :
> : int
> : main(int argc, char **argv, char **envp)
> : {
> :     char buf[256];
> :     strcpy(buf, argv[1]);   /* unbounded copy: nothing checks the length of argv[1] */
> :
> :     return 0;
> : }
>
> When I run this code like this:
>
>   18 > vuln
>   Segmentation fault (core dumped)
>
> it segfaults, like the tutorial says.

This invocation of the program segfaults because it tries to dereference a
NULL pointer while strcpy() runs.

> In the tutorial this line:
> 19 > vuln `perl -e 'print "A"x256 . "BBBB" . "CCCC"'`
>
> also segfaults, but not on my machine. Is this some FreeBSD security
> feature?  If this doesn't cause a segfault, does it still overflow?

The overflow still occurs.  You just happen to be overwriting random stack
data.  By invoking undefined behavior, after writing past the end of an array,
you shouldn't expect to get predictable results; not even a segmentation fault
is guaranteed.

- Giorgos
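For comparison, the same copy done with a length check, written as an added example for this page (it is not code from the thread, the tutorial or FreeBSD); the names copy_arg, copy_result and copy_tutorial_arg are this example's own, and the 264-byte argument is constructed to match the perl one-liner above.

```c
#include <stddef.h>
#include <string.h>

/* Outcome of a bounded copy into a fixed-size stack buffer. */
enum copy_result { COPY_OK = 0, COPY_NULL_SRC = 1, COPY_TRUNCATED = 2 };

/*
 * Bounded replacement for the unchecked strcpy(buf, argv[1]).  dstsz is
 * the size of dst in bytes.  At most dstsz bytes are written and dst is
 * always NUL-terminated, so neither a missing argument (the NULL case)
 * nor an over-long one can write past the end of buf.
 */
enum copy_result copy_arg(char *dst, size_t dstsz, const char *src)
{
    size_t n;

    if (dstsz == 0)
        return COPY_TRUNCATED;
    if (src == NULL) {              /* "vuln" run with no argument */
        dst[0] = '\0';
        return COPY_NULL_SRC;
    }
    n = strlen(src);
    if (n >= dstsz) {               /* would overflow: keep a prefix only */
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return COPY_TRUNCATED;
    }
    memcpy(dst, src, n + 1);        /* fits, including the terminating NUL */
    return COPY_OK;
}

/* The tutorial's argument, constructed here: 256 'A's, "BBBB", "CCCC". */
enum copy_result copy_tutorial_arg(char *dst, size_t dstsz)
{
    char arg[256 + 8 + 1];

    memset(arg, 'A', 256);
    memcpy(arg + 256, "BBBBCCCC", 9);
    return copy_arg(dst, dstsz, arg);
}

/* Same shape as the tutorial's main(), with the bounded copy instead. */
int main(int argc, char **argv)
{
    char buf[256];
    enum copy_result r;

    r = copy_arg(buf, sizeof buf, argc > 1 ? argv[1] : NULL);
    return r == COPY_OK ? 0 : 1;
}
```

With the original strcpy(), the same two inputs give a NULL dereference and a silent stack overwrite; here they are reported as COPY_NULL_SRC and COPY_TRUNCATED and buf stays intact.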



More information about the freebsd-questions mailing list