seg fault showing even after program execution

Question

---

I just wrote a simple program for buffer overflow inspection .

---

Upon running this

The result shows:

 gcc -g buffer.c
 ./a.out Hello
----ACCESS GRANTED----

(This was expected)

 ./a.out aaaaaaaaaaaaaaaaaaaaaaaaaaaaa
----ACCESS GRANTED----

(Indicating the overflow)

./a.out aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
----ACCESS GRANTED----

I wonder why saying segmentation fault after showing the result.

Answer 1

Your question seems to be assuming that the segfault happens after the program terminated. It actually happens during execution, most likely while executing the implicit return statement at the end of the main function.

When running a C program, the system does a bit of initialization before calling the main function (typically, the actual entry point is a _start() function and _start() calls main() ). Internally, calling the main() function saves the return address (the address to return to when the function is over). This is obviously dependent on the CPU and compiler, but the return address is often saved on the stack, next to the array p . When doing a buffer overflow on p , you may overwrite the return address, hence things go wrong when main() tries to return. Most likely the program will branch to an address which doesn't exist or is not executable.

Note that an attacker could exploit this kind of bug to try to jump to a given location and execute a piece of code that wasn't supposed to be executed.

Answer 2

You are copying the string that the user supplied on the command line to a buffer that is too short, which means anything could happen. In this case, you don't need to copy the string at all as you can run strcmp() on the password string directly.

Eg

checkpass(char *password)
{
    return !strcmp(password, "Hello");
}

(this assumes that password is a nul-terminated string)