
Getting "stack smashing detected" when actually trying to provoke a segmentation fault

I'm currently learning about buffer overflows in C, and I'm following this video as a tutorial.

So I have the following code:

#include <stdio.h>
#include <string.h>   /* was missing the leading '#' */

int main(int argc, char *argv[]) {
    char buf[256];
    strcpy(buf, argv[1]);   /* unbounded copy: the overflow under discussion */
    printf("%s,", buf);
    return 0;
}

And I compile it in a way that should disable ASLR: gcc buf.c -o buf -no-pie -fno-PIE. I then use gdb to find the location of the buffer I want to target. After that I try to see if I can provoke a segmentation fault by inputting a string that is too large into the program:

(gdb) run $(python3 -c "print('A'*265)")
Starting program: /home/ask/Notes/ctf/bufoverflow/code/buf $(python3 -c "print('A'*265)")
*** stack smashing detected ***: terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.

And much like I expected, this results in the program terminating with an error. But in the video that I have been looking at, the error that is provoked by this behavior is the Segmentation fault (SIGSEGV). When I look up these two errors, it makes sense that I get the stack smashing error, since I am reaching out of bounds on the stack.

It seems like the stack smashing is raised before the SIGSEGV error is even hit.

So my question is, why can it be that one example gets one error, while I get the other? Does this likely have to do with the machine that I am running it on, and which protective settings are on it, or is something else to blame?

Stack smashing is when you overwrite the special values (return address, previous ebp register value) on your function's stack frame.
This is a common bug and is a security flaw. Most compilers now add a simple check in your function prologue and epilogue to check whether the values changed. This is the stack smashing error you are causing.
To prevent the compiler from inserting the stack-smashing check, use the -fno-stack-protector compiler flag (as @Grazosi suggested).
This will cause your program to use a (probably) invalid return address, and will cause a segmentation fault (invalid memory access).
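To make the answer's prologue/epilogue check concrete, here is an added simulation (not code from the question or the answer) of how a stack-protector canary turns the same overflow into SIGABRT instead of SIGSEGV. The frame layout, the canary value and the saved return address 0x401136 are constructed for the illustration; the copy is clamped to the struct so the simulation itself stays within defined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame laid out the way -fstack-protector arranges it:
 * the overflowable buffer, then the canary, then the control data the
 * canary shields (saved frame pointer / return address). */
struct guarded_frame {
    char     buf[16];
    uint64_t canary;
    uint64_t saved_return;   /* stands in for the saved return address */
};

/* Constructed canary with a zero low byte, as glibc does, so a str*-style
 * copy that stops at NUL cannot silently reproduce it. */
#define CANARY_VALUE   0x00c3b2a1f0e1d2c3ULL
#define RETURN_ADDRESS 0x401136ULL   /* hypothetical saved return address */

enum outcome { RETURNS_NORMALLY, STACK_SMASHING_DETECTED, RETURNS_TO_GARBAGE };

/* Models one call of the questioner's main(): an unbounded strcpy into the
 * frame, then the epilogue. With the protector on, the canary is compared
 * before ret; with it off (-fno-stack-protector) the function just returns
 * through whatever now sits in the return slot. */
enum outcome simulate_call(const char *src, int stack_protector)
{
    struct guarded_frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    f.saved_return = RETURN_ADDRESS;

    size_t n = strlen(src) + 1;            /* strcpy copies the terminating NUL too */
    if (n > sizeof f) n = sizeof f;        /* clamp: keep the simulation defined */
    memcpy((unsigned char *)&f, src, n);   /* the overflow: no bounds check on buf */

    if (stack_protector && f.canary != CANARY_VALUE)
        return STACK_SMASHING_DETECTED;    /* __stack_chk_fail -> abort -> SIGABRT */
    if (f.saved_return != RETURN_ADDRESS)
        return RETURNS_TO_GARBAGE;         /* ret to 0x4141...: SIGSEGV */
    return RETURNS_NORMALLY;
}

int main(void)
{
    static const char *names[] = { "returns normally", "stack smashing detected", "returns to garbage" };
    const char *input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 30 bytes, like the A*265 above */
    printf("protector on : %s\n", names[simulate_call(input, 1)]);
    printf("protector off: %s\n", names[simulate_call(input, 0)]);
    return 0;
}
```

Run it once as is and once with the second argument flipped to see the two outcomes the question and the video observed.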
