Vulnerability Development mailing list archives
Re: buffer overflow???
From: markus-kern () GMX NET (Markus Kern)
Date: Sun, 23 Apr 2000 18:03:36 +0200
Cyber_Bob wrote:

*** overflow.c ***

char buf[15] = "AAAAAAAAAAAAAAA", buf2[256];
char diff;

int main(int argc, char *argv[])
{
    puts("I was just messing around trying to create some type of an overflow");
    puts("and recieved a strange result which isn't supposed to happen... somebody");
    puts("tell me what I'm experiencing... it's about 2 in the morning right now");
    puts("so don't blame me if this looks crappy and thrown together.\n");

    if (argc < 2) {
        printf("\nUsage: %s <offset (try something > 75)>\n\n", argv[0]);
        exit(-1);
    };

    diff = argv[1];    <= what are you doing here? diff is char, argv[1] is char*

    puts("Enter A Line of Text..\n\n");
    scanf("%s", &buf2);

    printf("\nThat buffer was stored at: 0x%x", &buf2);
    printf("\nPreset buffer stored at: 0x%x\n\n", &buf);

    strcat(buf2, (&buf + diff));    <= ??? buf is practically a pointer. You're adding diff to the address of the pointer

    printf("Weird Result: %s\n\n", buf2);

    return 0;
}

--
Markus
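Added example, not part of Markus's reply or of Cyber_Bob's program: a bounded version of what overflow.c appears to attempt, appending the preset buffer from a numeric offset onto a line of input. It parses the offset with strtol instead of assigning a char* to a char, indexes bytes instead of computing &buf + diff, carries an explicit length because 15 characters in a 15-byte array leave no terminating NUL, and reads input with fgets. The names preset, parse_offset and append_bounded are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same contents as the post's buf: 15 'A' bytes and no terminating NUL. */
static const char preset[15] = { 'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A' };

/* Parse decimal text into an offset in [0, limit]; returns 0 on success, -1 on error. */
int parse_offset(const char *text, size_t limit, size_t *out)
{
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE) return -1;
    if (v < 0 || (unsigned long)v > limit) return -1;
    *out = (size_t)v;
    return 0;
}

/* Append src[off .. srclen) to the string in dst without reading past src
 * or writing past dst; returns 0 on success, -1 if it does not fit. */
int append_bounded(char *dst, size_t dstsz, const char *src, size_t srclen, size_t off)
{
    const char *nul = memchr(dst, '\0', dstsz);
    if (nul == NULL || off > srclen) return -1;  /* dst unterminated or offset outside src */
    size_t used = (size_t)(nul - dst);
    size_t n = srclen - off;
    if (n >= dstsz - used) return -1;            /* need room for the data plus the NUL */
    memcpy(dst + used, src + off, n);
    dst[used + n] = '\0';
    return 0;
}

int main(int argc, char *argv[])
{
    char line[256];
    size_t off;
    if (argc < 2 || parse_offset(argv[1], sizeof preset, &off) != 0) {
        fprintf(stderr, "Usage: %s <offset 0..%zu>\n", argc ? argv[0] : "overflow", sizeof preset);
        return 1;
    }
    if (fgets(line, sizeof line, stdin) == NULL) return 1;  /* bounded, unlike scanf("%s") */
    line[strcspn(line, "\n")] = '\0';
    if (append_bounded(line, sizeof line, preset, sizeof preset, off) != 0) return 1;
    printf("Result: %s\n", line);
    return 0;
}
```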