sfl-examples/lecture-demos/buffer-overflow/bufoverflow.c

38 lines
1.1 KiB
C
Raw Permalink Normal View History

2023-12-14 13:56:57 +01:00
// usage: bufoverflow <filename>
//
// files with more than 512B content will cause overflows.
// smaller files work just fine.
#include <stdint.h>
#include <string.h>
#include <stdio.h>
/*
before exploit after exploit
+++++++++++++ +++++++++++++
+ saved RIP + <-- rbp+8 + &shellc +---\
+++++++++++++ +++++++++++++ |
+ saved RBP + <-- rbp + anything + |
+++++++++++++ +++++++++++++ |
+ + + + |
+ + + + |
... ... ... ... |
+ + + + |
+ (512 B) + + + |
+ array + <-- rbp-0x200 + shellcode +<--/
+++++++++++++ rsp +++++++++++++
*/
int mystr(char *fn) {
char mystr[512];
register FILE *f = fopen(fn, "rb");
fread(mystr, 1024, 1, f); // VULNERABLE! reading 1024B into 512B buf
return mystr[0];
}
int main(int argc, char *argv[]) {
if (argc != 2) { printf("too few args."); return 1; }
return mystr(argv[1]);
}