C中的缓冲区溢出与获取
[英]Buffer overflow in C with gets
问题描述
I am very new to C and as a class assignment my instructor wanted us to play with buffer overflows. 
我对C非常陌生,作为班级分配,我的老师希望我们玩缓冲器溢出。 I found the following online as an example and I can't figure out how to use it! 我在网上找到以下内容作为示例,但我不知道如何使用它!
#include <stdio.h>
char temp[32];
unsigned int setThis=1;
printf("Enter your temp: \n");
fgets(temp, 34, stdin); //Takes a 34 buffer size when temp can only be 32
printf("Value of you setThis: %d", setThis);
So my question is, how do i set "setThis" to a certain variable? 所以我的问题是,如何将“ setThis”设置为某个变量? Any help is appreciated, BeastlyJman. 感谢您的任何帮助,BeastlyJman。
1 个解决方案
解决方案1
1 已采纳 2015-02-24 22:09:48
There's no guaranteed way to do it, but typically variables are put on the stack such that the first variable is last in memory. 没有保证的方法,但是通常将变量放在堆栈上,以便第一个变量在内存中位于最后。 So if you declare setThis before temp[32] , then setThis will be at the end of the temp array, and you can overwrite it. 因此,如果在 temp[32] 之前声明setThis ,则setThis将在temp数组的末尾,您可以覆盖它。
But as I said, there's no guarantee that's what the compiler will do. 但是正如我所说,并不能保证编译器会执行此操作。 You should really check the assembly code that the compiler generates to see where temp and setThis are located. 您应该真正检查编译器生成的汇编代码,以查看temp和setThis的位置。
Also, you can save yourself some typing if you reduce the size of temp to temp[8] and then pass 10 to fgets . 此外,如果减少的大小,你可以节省自己一些打字temp来temp[8]然后通过10至fgets 。 To cause an overflow, you need to type more characters than the buffer can hold. 要导致溢出,您需要输入更多的字符,而缓冲区不能容纳更多的字符。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.