
Buffer Overflow

I have been searching online for a few days but still cannot figure out what the vulnerability is in the code below. My first thought is that we can overflow the int 'length' and then do a buffer overflow exploit to copy shellcode and a return address into the buffer. However, the 'length' size in the code is preventing a buffer overflow. Can anyone shed some light on how to exploit this program? Thanks much!

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void copy_str(char *buffer2, int buffer2_l, char *input)
{
   int i, length;

   length = strlen(input);
   if (length > buffer2_l)
     length = buffer2_l;

   /* <= runs the loop length + 1 times: once strlen(input) >= buffer2_l
      this writes buffer2[buffer2_l], one byte past the end of buffer2 */
   for (i = 0; i <= length; i++)
       buffer2[i] = input[i];
}

void vul2(char *arg)
{
  char buffer[109];

  copy_str(buffer, sizeof buffer, arg);
}

void vul1(char *argv[])
{
   vul2(argv[1]);
}

int main(int argc, char *argv[])
{
  if (argc != 2)
    {
      fprintf(stderr, "program2: argc != 2\n");
      exit(EXIT_FAILURE);
    }
  vul1(argv);
  return 0;
}

If argv[1] is 109 characters or longer, buffer is overflowed by 1 char, because you use <= for the length comparison.
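To make the off-by-one from the answer observable, here is an added example (my own code, not from the question or the answer above). It keeps the original copy_str unchanged under the name copy_str_vulnerable, puts a corrected copy_str_fixed beside it (an assumed fix: copy at most buffer2_l - 1 characters and terminate inside the destination), and probes both with a heap block where 109 destination bytes are followed by sentinel bytes, so the extra write shows up as a changed sentinel rather than depending on whatever the compiler put after `buffer` on the stack. DEST_LEN, SENTINEL_LEN and overflow_bytes are names I introduced for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Signature shared by both copy routines so the probe below can take either. */
typedef void (*copy_fn)(char *buffer2, int buffer2_l, char *input);

/* The routine from the question, behaviour unchanged: `length` is clamped
 * to buffer2_l, but the loop condition `i <= length` then writes
 * length + 1 bytes, i.e. one past the end when strlen(input) >= buffer2_l. */
static void copy_str_vulnerable(char *buffer2, int buffer2_l, char *input)
{
    int i, length;

    length = strlen(input);
    if (length > buffer2_l)
        length = buffer2_l;

    for (i = 0; i <= length; i++)
        buffer2[i] = input[i];
}

/* Corrected routine (assumed fix, not from the thread): copy at most
 * buffer2_l - 1 characters and always place the terminating NUL inside
 * the destination, so the longest input writes exactly buffer2_l bytes. */
static void copy_str_fixed(char *buffer2, int buffer2_l, char *input)
{
    size_t i, length, cap;

    if (buffer2_l <= 0)
        return;
    cap = (size_t)buffer2_l - 1;
    length = strlen(input);
    if (length > cap)
        length = cap;

    for (i = 0; i < length; i++)
        buffer2[i] = input[i];
    buffer2[length] = '\0';
}

#define DEST_LEN 109      /* same size as `buffer` in vul2() */
#define SENTINEL_LEN 8    /* bytes placed directly after the destination */

/* Run one copy routine against a constructed input of input_len 'A'
 * characters and return how many sentinel bytes after the destination were
 * overwritten. Destination and sentinel live in one heap block, so the write
 * past the 109-byte region is observable without relying on stack layout. */
static int overflow_bytes(copy_fn fn, size_t input_len)
{
    unsigned char *block = malloc(DEST_LEN + SENTINEL_LEN);
    char *input = malloc(input_len + 1);
    int clobbered = 0, i;

    if (block == NULL || input == NULL) {
        free(block);
        free(input);
        return -1;
    }
    memset(input, 'A', input_len);
    input[input_len] = '\0';
    memset(block, 0, DEST_LEN);
    memset(block + DEST_LEN, 0xAA, SENTINEL_LEN);

    fn((char *)block, DEST_LEN, input);

    for (i = 0; i < SENTINEL_LEN; i++)
        if (block[DEST_LEN + i] != 0xAA)
            clobbered++;

    free(input);
    free(block);
    return clobbered;
}

int main(void)
{
    size_t lens[] = { 108, 109, 500 };
    size_t k;

    for (k = 0; k < sizeof lens / sizeof lens[0]; k++)
        printf("strlen(argv[1]) = %3zu: vulnerable overwrites %d byte(s), fixed overwrites %d\n",
               lens[k], overflow_bytes(copy_str_vulnerable, lens[k]),
               overflow_bytes(copy_str_fixed, lens[k]));
    return 0;
}
```

With 108 characters the original loop's final write (the NUL at index 108) still lands inside the destination; at exactly 109 it is the NUL that spills over, and for anything longer it is input[109], an attacker-chosen byte. The fixed version never touches the sentinel for any length, which is the property a reviewer should check for in a copy routine that takes a size argument.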
