Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 17 Oct 2004 20:41:52 -0500
From:      "Conrad J. Sabatier" <conrads@cox.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: No Buffer Overflow
Message-ID:  <20041017204152.4046638e@dolphin.local.net>
In-Reply-To: <20041018000118.GB664@gothmog.gr>
References:  <4172F3D2.8040200@uiowa.edu> <20041018000118.GB664@gothmog.gr>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 18 Oct 2004 03:01:18 +0300, Giorgos Keramidas
<keramida@ceid.upatras.gr> wrote:

> On 2004-10-17 17:36, Jason Dusek <jason-dusek@uiowa.edu> wrote:
> > Hi Everyone,
> >
> > I am reading an intro to shell-coding, and the following program is
> > used as a simple example of vulnerable code:
> >
> > : int
> > : main(int argc, char **argv, char **envp)
> > : {
> > :     char buf[256];
> > :     strcpy(buf, argv[1]);
> > :
> > :     return 0;
> > : }
> >
> > When I run this code like this:
> >
> >   18 > vuln
> >   Segmentation fault (core dumped)
> >
> > it segfaults, like the tutorial says.
> 
> This invocation of the program segfaults because it tries to
> dereference a NULL pointer while strcpy() runs.
> 
> > In the tutorial this line:
> > 19 > vuln `perl -e 'print "A"x256 . "BBBB" . "CCCC"'`
> >
> > also segfaults, but not on my machine. Is this some FreeBSD security
> > feature?  If this doesn't cause a segfault, does it still overflow?
> 
> The overflow still occurs.  You just happen to be overwriting random
> stack data.  By invoking undefined behavior, after writing past the
> end of an array, you shouldn't expect to get predictable results; not
> even a segmentation fault is guaranteed.

I'm glad you replied to the OP, because the way he was showing his
attempts to run the program, it looked like he was invoking some
programs called "18" and "19" and redirecting their stdout to "vuln". 

You must have already been familiar with the book or tutorial he was
referring to.  :-)

-- 
Conrad J. Sabatier <conrads@cox.net> -- "In Unix veritas"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041017204152.4046638e>