
Hi everyone:

I'm now performing a stack buffer overflow attack test on my own PC (Ubuntu 9.10, gcc-4.4.1) based on the article http://www.tenouk.com/Bufferoverflowc/Bufferoverflow4.html. Yet I haven't achieved the goal. Each time a segfault is thrown accompanied with some error information.

I compile the source code, and wanna get further information using objdump. Function __strcpy_chk is invoked in the assembly code dumped out, and it's said that "The __strcpy_chk() function is not in the source standard; it is only in the binary standard." Is this a mechanism the compiler employs to protect the runtime stack? To finish my test, how can I bypass the protection?

Regards.

+2  A: 

The function is attempting to check that you don't smash things up too badly by accident (i.e., overwriting the return address of the function) and it's part of the implementation of strcpy and not its specification. It's only a partial patch for the problems with strcpy, but it does protect you a fair bit against the problems that that webpage talks about, and only with a small cost.

If you want to avoid it, write your own version of strcpy. The naïve implementation you'll “first” think of should have the problem and will do nicely for demonstration.

Donal Fellows
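To make the answer concrete, here is an added example (not code from the question, the answer, or the linked article) that puts the two variants side by side: the naive `strcpy` the answer describes, and a hand-written `checked_strcpy` that mirrors what glibc's `__strcpy_chk` does when the compiler knows the destination's size. The names `naive_strcpy`, `checked_strcpy` and `fortified_strcpy` are this example's own; the checked version returns an error instead of aborting so the behaviour can be observed from a test.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The naive strcpy: copies until the terminating NUL with no idea how big
   dst is. This is the form the answer says "will do nicely for demonstration"
   of the overflow, because nothing stops src from running past dst. */
char *naive_strcpy(char *dst, const char *src)
{
    char *d = dst;
    while ((*d++ = *src++) != '\0')
        ;
    return dst;
}

/* What the fortified __strcpy_chk adds: a third argument, the size of the
   destination object as the compiler determined it at the call site. If the
   string (plus NUL) would not fit, glibc calls __chk_fail and aborts; this
   example returns -1 instead so a caller can see the refusal. */
int checked_strcpy(char *dst, size_t dst_size, const char *src)
{
    size_t needed = strlen(src) + 1;    /* bytes including the NUL */
    if (needed > dst_size)
        return -1;                      /* would overflow: refuse */
    memcpy(dst, src, needed);
    return 0;
}

/* How the compiler wires it up: __builtin_object_size() (GCC/Clang) yields the
   known size of dst, or (size_t)-1 when it cannot tell. With -1 the check
   never fires, which is why _FORTIFY_SOURCE only has teeth at -O1 or higher,
   where the object-size pass runs. This macro is the example's own sketch of
   that substitution, not glibc's actual header. */
#define fortified_strcpy(dst, src) \
    checked_strcpy((dst), __builtin_object_size((dst), 0), (src))

/* Returns 1 if the checked copy refused a string too long for an 8-byte buffer. */
int demo_refuses_oversized(void)
{
    char buf[8];
    return checked_strcpy(buf, sizeof buf, "this string is far too long") == -1;
}

/* Returns 1 if a string that fits (7 chars + NUL) is copied intact. */
int demo_accepts_fitting(void)
{
    char buf[8];
    return checked_strcpy(buf, sizeof buf, "seven77") == 0
        && strcmp(buf, "seven77") == 0;
}

int main(void)
{
    char small[8];
    /* Constructed input: fits in the buffer, so both variants behave alike. */
    naive_strcpy(small, "abc");
    printf("naive copy of short string: %s\n", small);
    printf("checked copy refuses oversized input: %s\n",
           demo_refuses_oversized() ? "yes" : "no");
    printf("checked copy accepts fitting input:   %s\n",
           demo_accepts_fitting() ? "yes" : "no");
    /* fortified_strcpy only checks when the compiler knows sizeof(small);
       build with -O2 to see the substitution matter. */
    printf("fortified macro result (size known only with optimisation): %d\n",
           fortified_strcpy(small, "fits"));
    return 0;
}
```

The point to take from it is the one the answer makes: `__strcpy_chk` is not a different `strcpy`, it is the same copy preceded by a size comparison the compiler was able to supply, so it only protects the calls where that size is statically known.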