How to conduct buffer overflow in PHP/Python?

Question

Here is an example in c:

#include <stdio.h>
#include <string.h>

void bad() {
    printf("Oh shit really bad~!\r\n");
}

void foo() {
    char overme[4] = "WOW";
    *(int*)(overme+8) = (int)bad;
}

int main() {
   foo();
}

Answer 1

As PHP is a scripting language and has no pointers and the string type is binary-safe such things won't work in PHP.

But why would you want to do such a thing?

(oh, there might be bugs in PHP resulting in a buffer overflow, but that's nothing that canbe relied upon in any way and usually is fixed quite ffast...)

Answer 2

Doing something similar in PHP will not result in the same behavior.

PHP is interpreted and always checks whether the operation you are doing or not is valid.. So you can't - for example - overrun a buffer.

Answer 3

Because php,python and every interpreted language first have to go through an interpreter and you dont have the full access to the memory this kind of languages will not let you to do some kind of games like the code you posted.

Answer 4

The fact that Python and PHP are interpreted like suggested by others isn't actually the point. The point is that almost all of the APIs and language semantics that they expose are heavily error-checked making it impossible to have exploitable undefined behavior. Even if you compile the languages, it would still be impossible. This doesn't mean that you couldn't expose unsafe APIs that can do whatever. In fact, using Pythons ctypes module, it should be possible to create a similar behavior, but significantly harder to do so by accident.

Answer 5

We're sorry: you've reached a weakness in Python. Unfortunately, it's by design, so little can be done about it. Perhaps you should stay with C.

As Martin v. Löwis said:

Python does not support buffer overflows, sorry.

PS Wow. It seems like a few months ago that I read that post, and yet it's been 7 years and a day.