Vulnerability Development mailing list archives

Re: buffer overflow???


From: markus-kern () GMX NET (Markus Kern)
Date: Sun, 23 Apr 2000 18:03:36 +0200


Cyber_Bob wrote:

*** overflow.c ***

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char buf[15] = "AAAAAAAAAAAAAAA", buf2[256];
char diff;

int main(int argc, char *argv[])
{

  puts("I was just messing around trying to create some type of an overflow");
  puts("and recieved a strange result which isn't supposed to happen... somebody");
  puts("tell me what I'm experiencing... it's about 2 in the morning right now");
  puts("so don't blame me if this looks crappy and thrown together.\n");

  if (argc < 2) {
    printf("\nUsage: %s <offset (try something > 75)>\n\n", argv[0]);
    exit(-1);
  };

  diff = argv[1];       <= what are you doing here? diff is char, argv[1] is char*

  puts("Enter A Line of Text..\n\n");
  scanf("%s", &buf2);

  printf("\nThat buffer was stored at: 0x%x", &buf2);
  printf("\nPreset buffer stored at: 0x%x\n\n", &buf);

  strcat(buf2, (&buf + diff));  <= ??? buf is practically a pointer.
                                   You're adding diff to the address of the pointer

  printf("Weird Result: %s\n\n", buf2);

  return 0;
}

-- Markus
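An added example, not code from either poster, that isolates the two points raised above. It parses the offset as a number instead of storing a char* in a char, and it measures how far `&buf + 1` really steps compared with `buf + 1`: `&buf` has type `char (*)[15]`, so each step is `sizeof buf` bytes, not one byte. It also shows a bounds-checked replacement for the `strcat` call that accounts for `buf` holding fifteen 'A's with no terminating NUL (an initializer of exactly 15 characters leaves no room for one). The function names are mine, and `BUF_LEN` is an assumed constant matching the original declaration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>
#include <errno.h>

#define BUF_LEN 15
/* Same declaration as the original: 15 'A's, no terminating NUL. */
static char buf[BUF_LEN] = "AAAAAAAAAAAAAAA";

/* Parse the offset argument as a number (the original assigned a char* to a char). */
long parse_offset(const char *arg, int *ok)
{
    char *end;
    errno = 0;
    long v = strtol(arg, &end, 10);
    *ok = (end != arg && *end == '\0' && errno == 0);
    return v;
}

/* buf + 1 steps one element: one byte. */
ptrdiff_t element_step_bytes(void)
{
    return (buf + 1) - buf;
}

/* &buf + 1 steps one whole array: sizeof buf bytes.
   Only the one-past-the-end pointer is formed here, which is well defined. */
ptrdiff_t array_step_bytes(void)
{
    return (char *)(&buf + 1) - buf;
}

/* Bounds-checked replacement for strcat(buf2, &buf + diff).
   Reads at most BUF_LEN - diff bytes from buf (it may lack a NUL) and never
   writes past dst_size. Returns 0 on success, -1 if the offset or size is bad. */
int append_from_offset(char *dst, size_t dst_size, long diff)
{
    if (diff < 0 || (size_t)diff >= BUF_LEN)
        return -1;                                   /* offset outside buf */

    size_t used = 0;
    while (used < dst_size && dst[used] != '\0')
        used++;
    if (used == dst_size)
        return -1;                                   /* dst is not terminated */

    size_t avail = BUF_LEN - (size_t)diff;           /* bytes of buf after the offset */
    size_t srclen = 0;
    while (srclen < avail && buf[diff + srclen] != '\0')
        srclen++;

    if (srclen > dst_size - used - 1)
        return -1;                                   /* would overflow dst */

    memcpy(dst + used, buf + diff, srclen);
    dst[used + srclen] = '\0';
    return 0;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        printf("Usage: %s <offset>\n", argv[0]);
        return 1;
    }
    int ok;
    long diff = parse_offset(argv[1], &ok);
    if (!ok) {
        puts("offset must be a decimal integer");
        return 1;
    }
    printf("buf + 1 advances %ld byte(s), &buf + 1 advances %ld byte(s)\n",
           (long)element_step_bytes(), (long)array_step_bytes());

    char out[32] = "hello";
    if (append_from_offset(out, sizeof out, diff) == 0)
        printf("Result: %s\n", out);
    else
        puts("offset rejected or result would not fit");
    return 0;
}
```

Run with an offset such as 10 and the program appends the five 'A's that follow it; with 75, the value the original usage line suggests, the offset is rejected because it lies outside `buf`, which is exactly the region the original `strcat` would have read from.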

