buffer-overflow

What is a good starting point for learning buffer overflow?

an article with examples and pointers would be great ...

Confused by gdb print ptr vs print "%s"

1167 ptr = (void*)getcwd(cwd, MAX_PATH_LENGTH-1); (gdb) n 1168 if (!ptr) { (gdb) print ptr $1 = 0xbff2d96c "/media/MMC-SD/partition1/aaaaaaaaaaa" (gdb) print &cwd $2 = (char (*)[3500]) 0xbff2d96c (gdb) print strlen(cwd) $3 = 36 (gdb) print "%s",cwd $4 = "/media/MMC-SD/partition1/aaaaaaaaaaa", '\0' <repeats 912 times>, "��O�001\...

How can I overcome inconsistent behaviour of snprintf in different UNIX-like operating systems?

Per man pages, snprintf is returning the number of bytes written from glibc version 2.2 onwards. But on lower versions of libc 2.2 and HP-UX, it returns a positive integer, which could lead to a buffer overflow. How can one overcome this and write portable code? Edit: For want of more clarity, this code is working perfectly in lib 2.3 if...

Is buffer overflow/overrun possible in completely managed asp.net c# web application

Can there be buffer overflow/overrun vulnerabilities in a completely managed asp.net web portal? If yes, how can this be tested? ...

What C/C++ functions are most often used incorrectly and can lead to buffer overflows?

I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever want to know). I've decided to remove the buffer overflows first, starting with the dangerous functions. What C/C++ functions that are...

What C/C++ tools can check for buffer overflows?

I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever want to know). I've decided to remove the buffer overflows first. To make my bug-hunting easier, what tools can be used to check for bu...

Basic C Question

I am reading over the KR book, and am a little stuck. What is wrong with the following? void getInput(int* output) { int c, i; for(i=0; (c = getchar()) != '\n'; i++) output[i] = c; // printf("%c", c) prints the c value as expected output[++i] = '\0'; } When I run the program it never gets out of the loop and I have to c...

Stack Overflow Exploit in C

Hey there guys, the question is actually about stack overflows in C. I have an assignment that I can not get done for the life of me, I've looked at everything in the gdb and I just can't figure it. The question is the following: int i,n; void confused() { printf("who called me"); exit(0); } void shell_call(char *c) { prin...

How are buffer overflows used to exploit computers?

How are buffer overflows used to exploit computers? How is one able to execute arbitrary code simply by causing stack or heap overflows? I understand that portions of the program's memory are overwritten that aren't supposed to be, but I don't see how this leads to one executing their own code. Also, must the 3rd party's malicious co...

Does Java have buffer overflows?

Does Java have buffer overflows? If yes can you give me scenarios? ...

Secure C and the universities - trained for buffer overflow

Hi! I recently finished a university course in C. Therefore I lack experience, of course. Some universities tend to teach their students secure programming, or at least some elements. There's even a video (taken from here). Being in C, copying strings, requires - as far as I know - strcpy or string.h functions. How do you use it secu...

Stack smashing problem

I am trying to do an example from the Smashing the Stack for Fun and Profit in C, but am kind of stuck at a point, following is the code (I have a 64-bit machine with Ubuntu 64-bit): int main() { int x; x = 0; func(1,2,3); x = 1; printf("x is : %d\n", x); } void func(int a, int b, int c) { char buffer[1]; i...

stack execution protection and randomization on ubuntu

Hi all, As part of a course assignment I need to write an exploit code to cause a buffer overflow and execute code that is present on stack. I have turned off the stack randomization by the following command: sysctl -w kernel.randomize_va_space=0 However, I am unable to find a way to turn off the stack execution protection. I am not sur...

Is this really a buffer overflow?

The static analysis tool we use is flagging C code similar to the following as a critical buffer overflow. #define size 64 char buf [size + 1] = ""; memset (buf, 0, size + 1); The tool's error message is: Buffer Overflow (Array Index Out of Bounds): The array 'buf' size is 1. Array 'buf' may use the 0..64 index. Is this legitimat...

What is a buffer overflow and how do I cause one?

I have heard about a buffer overflow and I would like to know how to cause one. Can someone show me a small buffer overflow example? New (And what are they used for?) ...

heap overflow attacks

How are heap overflow attacks done? In case of stack overflow attacks, the attacker replaces the function return address with his address. How is this done in heap overflow attacks? Also, is it possible to run code from heap? ...

Would a C#/.Net web browser be susceptible to exploits?

Is it correct to say that the .Net platform is more secure because the CLR guards against buffer overflow attacks? Assuming there was a web browser running in a managed OS (like Cosmos, SharpOS or Singularity), would it be technically possible for an attacker to inject IL code into the app? Would I have to worry about attacks that aren...

JSP Buffer overflow

I have a 1MB file to upload and the following is set and I get an exception. I think it is my buffer size and or the autoFlush setting. currently: <%@ page errorPage="error.jsp" buffer="500kb" autoFlush="false" %> I tried to set the buffer to 2000KB but no luck. Any ideas? Thanks ...

Memory invasion

Some time ago I heard about memory invasions, when some part of software A gets inside another part of the same software A, therefore stopping the program from working correctly. Do memory invasions really exist? I mean, I've been using C++ and I know arrays can grow indefinitely, but can they grow over other structures? If arrays won't ...

Vulnerability & Exploit Case Studies.

I understand the general idea of how vulnerabilities are exploited. Buffer overflows and stuff like that, but I guess I don't REALLY get it. Are there useful sources of information that explain this area well? Maybe case studies about how particular vulnerabilities were exploited? Even more interesting would be how projects you have ...