buffer overflow

코딩

#include <stdio.h>

void main()

{

char *name;

char *command;

name=(char *)malloc(10);

command=(char *)malloc(128);

printf("address of Name is : %d \n", name);

printf("address of Command is : %d \n", command);

printf("Difference between address is : %d \n", command-name);

printf("hey Enter your name: ");

gets(name);

printf("Hellow %s\n", name);

system(command);

}

컴파일

MacBook-2:~ MGP$ gcc buffer.c -o buffer

실행

MacBook-2:~ MGP$ ./buffer

address of Name is : -1337968080 

address of Command is : -1337968064 

Difference between address is : 16 

warning: this program uses gets(), which is unsafe.

hey Enter your name: www.keralacyberforces.in

Hellow www.keralacyberforces.in

sh: orces.in: command not found

MacBook-2:~ MGP$ ./buffer

address of Name is : 155204144 

address of Command is : 155204160 

Difference between address is : 16 

warning: this program uses gets(), which is unsafe.

hey Enter your name: www.keralacyberfcat /etc/passwd

cat /etc/passwd가 실행된다.

This buffer overflow is caused because the gets() function doesn't limit's the length of the input.

To overrule this buffer overflow you can use frets(name, 10, stdin); where it will read a maximum of 10 characters from the input.