buffer-overflow

memory allocation in C

I have a question regarding memory allocation order. In the following code I allocate in a loop 4 strings. But when I print the addresses they don't seem to be allocated one after the other... Am I doing something wrong or is it some sort of defense mechanism implemented by the OS to prevent possible buffer overflows? (I use Windows Vist...

Android SDK installation error - "no buffer space available (maximum connections reached?): recv failed"

Hello, I am trying to get my environment setup to develop an android app so I downloaded the SDK (http://developer.android.com/sdk/installing.html). After unpacking the files and running the SDK Setup.exe, the Android SDK and AVD manager opens up. During the installation process, I got an error stating the following: Failed to fetch ...

Is it possible to download Android SDK components without using the Android SDK management utility?

During the installation of my Android SDK, I am getting stuck during the process where the manager goes out and downloads all the revisions of the APIs and the SDKs. It is potentially due to a socket issue that typically occurs when a database query is called and there are a large number of TCP connections... according to googling my er...

Buffer overflow or Race Condition with multiple NSInputStream, NSOutputStream and NSURLConnection?

Hi, I have a strange problem with some multiple input/output streams and NSURLConnection: First I open each one NSInputStream and NSOutputStream. They are communicating with a socket connection. After some communication I open a second socket connection. After that I need to connect to a web server by using NSURLConnection. After the c...

How to read from buffer with feedback, so it doesn't buffer overflow?

Hi, I have this code #define BUFFER_LEN (2048) static float buffer[BUFFER_LEN]; int readcount; while ((readcount = sf_read_float(handle, buffer, BUFFER_LEN))) { // alsa play } which reads BUFFER_LEN floats from buffer, and returns the number of floats it actually read. "handle" tells sf_read_float how big buffer is. E.g. if buffer...

string overflow detection in C

We are using DevPartner's BoundsChecker for detecting memory leak issues. It is doing a wonderful job, though it does not find string overflows like the following char szTest [1] = ""; for (i = 0; i < 100; i ++) { strcat (szTest, "hi"); } Question-1: Is there any way I can make BoundsChecker detect this? Question-2: Is there ...

C - how can I invoke buffer overflow [hw problem, not hacking]?

Hi! I got a hw assignment asking me to invoke a function without explicitly calling it, using buffer overflow. The code is basically this: #include <stdio.h> #include <stdlib.h> void g() { printf("now inside g()!\n"); } void f() { printf("now inside f()!\n"); // can only modify this section // can't call g(), maybe...

How to turn off gcc compiler optimization to enable buffer overflow

Hello - I'm working on a hw problem that requires disabling compiler optimization protection for it to work. I'm using gcc 4.4.1 on ubuntu linux, but can't figure out which flags are the right ones. I realize it's architecture dependent - my machine runs w/ 32-bit Intel processor. Thanks. ...

Special PHP Errors

How can PHP cause memory leaks, buffer overflows, stack overflows and any other errors of such kind? Can PHP even cause such errors? ...

For buffer overflows, what is the stack address when using pthreads?

I'm taking a class in computer security and there is an extra credit assignment to insert executable code into a buffer overflow. I have the c source code for the target program I'm trying to manipulate, and I've gotten to the point where I can successfully overwrite the eip for the current function stack frame. However, I always get a S...

How does memory management in Java and C# differ?

I was reading through 2010 CWE/SANS Top 25 Most Dangerous Programming Errors and one of the entries is for Buffer Copy without Checking Size of Input. It suggests using a language with features to prevent or mitigate this problem, and says: For example, many languages that perform their own memory management, such as Java and Per...

Is there a buffer overflow helloworld for c++?

I tried the code provided by this question, but it doesn't work. How to contrive an overflow to wrap my head around? Update: .file "hw.cpp" .section .rdata,"dr" LC0: .ascii "Oh shit really bad~!\15\12\0" .text .align 2 .globl __Z3badv .def __Z3badv; .scl 2; .type 32; .endef __Z3badv: pushl %eb...

How to write a buffer-overflow exploit in GCC, Windows XP, x86?

void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; int *ret; ret = buffer1 + 12; (*ret) += 8;//why is it 8?? } void main() { int x; x = 0; function(1,2,3); x = 1; printf("%d\n",x); } The above demo is from here: http://insecure.org/stf/smashstack.html But it's not working here: D:\tes...

Is there a default buffer length for 'sprintf' method?

Hi, I used the sprintf method to format data to a string which I want to write to a file, in a C++ console application using VS 2008. The input is a particular message, which has various variables and values (ex: Type 'int' and Value '10' / Type string and value "abc", etc.) When I send two messages it works perfectly. But when I send more ...

Illustration of buffer overflows for students (linux, C)

Hello, my friend is a teacher of first-year CS students. We want to show them buffer overflow exploitation. But modern distribs are protected from simple buffer overflows: HOME=`perl -e "print 'A'x269"` one_widely_used_utility_is_here --help on debian (blame it) Caught signal 11, on modern commercial redhat *** buffer overflow de...

about buffer overflow

Hello guys, I am new to the ethical hacking world, and one of the most important things is the stack overflow. Anyway, I coded a vulnerable C program which has a char name [400] statement, and when I try to run the program with 401 A's it doesn't overflow, but the book which I am following says it must overflow and the logic sense says so...

Printf in assembler doesn't print

Hi there, I have got a homework to hack a program using buffer overflow (with disassembling; the program was written in C++, I haven't got the source code). I have already managed it but I have a problem. I have to print some message on the screen, so I found out the address of the printf function, pushed the address of "HACKED" and the address of "%s" on t...

Need help with buffer overrun.

I've got a buffer overrun I absolutely can't seem to figure out (in C). First of all, it only happens maybe 10% of the time or so. The data that it is pulling from the DB each time doesn't seem to be all that much different between executions... at least not different enough for me to find any discernible pattern as to when it happens. ...

Jumping into argv?

Hi, I'm experimenting with shellcode and stumbled upon the nop-slide technique. I wrote a little tool that takes buffer-size as a parameter and constructs a buffer like this: [ NOP | SC | RET ], with NOP taking half of the buffer, followed by the shellcode and the rest filled with the (guessed) return address. It's very similar to the t...

Shellcode for a simple stack overflow: Exploited program with shell terminates directly after execve("/bin/sh")

Hi, I played around with buffer overflows on Linux (amd64) and tried exploiting a simple program, but it failed. I disabled the security features (address space layout randomization with sysctl -w kernel.randomize_va_space=0 and nx bit in the bios). It jumps to the stack and executes the shellcode, but it doesn't start a shell. The execv...