~/src/www.mokhan.ca/xlgmokha [main]
cat buffer-overflow.md
buffer-overflow.md 4772 bytes | 2016-04-10 22:33
symlink: /dev/eng/buffer-overflow.md

Buffer Overflow

Notes from CPNT-260 at SAIT.

  high  ---------
        | Stack |
        ---------
        | Heap  |
        ---------
        | Data  |
        ---------
        | Code  |
        ---------
        | OS    |
  low   ---------

Memory Organization (x86)

  low   ----------------------
        |                     |
        ----------------------
        | Local Variables     |
        ----------------------
        | Saved Frame Pointer |
        ----------------------
        | Return Address      |
        ----------------------
        | Parameter           |
  high  ----------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

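/*
 * Deliberately vulnerable password check, kept as the worked example for
 * these buffer-overflow notes. Do not reuse this pattern.
 *
 * pwd: NUL-terminated candidate password; its length is never checked.
 * Returns auth_flag: 1 when the copied input equals one of the hard-coded
 * passwords, 0 otherwise (for inputs that fit the buffer).
 */
int check_password(char *pwd)
{
  int auth_flag = 0;
  char password_buffer[5];  /* room for 4 characters plus the NUL */

  /*
   * UNSAFE, left in on purpose: strcpy() copies up to the NUL in pwd and
   * knows nothing about the 5-byte destination. Any input longer than 4
   * characters writes past password_buffer into adjacent stack memory,
   * which is undefined behaviour and may change auth_flag.
   * A safe version rejects the input first, e.g.
   *   if (strlen(pwd) >= sizeof password_buffer) return 0;
   * or compares pwd directly without copying it.
   */
  strcpy(password_buffer, pwd);

  if (strcmp(password_buffer, "love") == 0)
    auth_flag = 1;
  if (strcmp(password_buffer, "god") == 0)
    auth_flag = 1;
  if (strcmp(password_buffer, "sex") == 0)
    auth_flag = 1;
  return auth_flag;
}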

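/*
 * Entry point: hands the first command-line argument to check_password()
 * and prints whether access was granted.
 */
int main(int argc, char *argv[])
{
  /*
   * Without an argument argv[1] is NULL, and check_password() passes its
   * parameter straight to strcpy(); refuse to run instead.
   */
  if (argc < 2)
  {
    fprintf(stderr, "usage: %s <password>\n", argc > 0 ? argv[0] : "buff");
    return EXIT_FAILURE;
  }

  if ( check_password(argv[1]) )
  {
    printf("*** Access Granted ***\n");
  } else {
    printf("!!! Access Denied !!!\n");
  }
  return EXIT_SUCCESS;
}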
$ gcc -o buff buff.c
$ ./buff test
!!! Access Denied !!!
$ ./buff love
*** Access Granted ***
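$ ./buff secret
*** Access Granted ***

"secret" is not one of the accepted passwords. It is 6 characters plus the terminating NUL, so strcpy() writes 7 bytes into the 5-byte buffer and the excess lands in neighbouring stack memory; on this build that evidently includes auth_flag, which ends up non-zero. The outcome is undefined behaviour and depends on the compiler and its hardening options (a build with stack protection may abort instead). The fix is to check the input length before copying, or not to copy at all.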