Causing a buffer Overflow with fgets

Question

I\'m experimenting with buffer overflows and try to overwrite the return address of the stack with a certain input of fgets

This is the code:

void fo         


        

Answer 1

void bar()
{
    char buf[20];
    puts("Input:");
    fgets(buf, 24, stdin);
    printf("Your input:.\n", strlen(buf));
}

... This works and causes a segmentation fault...

The compiler is probably replacing fgets with a safer variant that includes a check on the destination buffer size. If the check fails, the the prgram unconditionally calls abort().

In this particular case, you should compile the program with -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0.