buffer-overflow

What is the behavior of %(limit)[^\n] in scanf? Is it safe from overflow?

断了今生、忘了曾经 submitted on 2021-02-16 05:24:44
Question: Is the format %(limit)[^\n] for the scanf function unsafe? (where (limit) is the length - 1 of the string) If it is unsafe, why? And is there a safe way to implement a function that catches strings just using scanf()? In the Linux Programmer's Manual (typing man scanf in a terminal), the s format says: Matches a sequence of non-white-space characters; the next pointer must be a pointer to character array that is long enough to hold the input sequence and the terminating null byte ('\0'), which is added

Why does removing 'cout' from my function change its result? [closed]

允我心安 submitted on 2021-02-16 04:09:32
Question: I am an intermediate programmer, writing a program that's probably much too complicated for me. The program's aim is to construct certain 2-d arrays, and has a few different class objects that are communicating with each other in a not-so-simple way. In order to

Explanation of C buffer overflow

耗尽温柔 submitted on 2021-02-09 07:08:33
Question: I try to understand buffer overflows. This is my code:

    #include <stdio.h>

    int main() {
        char buf[5] = { 0 };
        char x = 'u';
        printf("Please enter your name: ");
        gets(buf);
        printf("Hello %s!", buf);
        return 0;
    }

The buf array is of size five and initialized with 0es. So (with null termination) I have space for four characters. If I enter five characters (stack for example), I overwrite the null termination character and printf should print "Hello stacku!" because of the succeeding variable x. But

Explanation of C buffer overflow

心已入冬 submitted on 2021-02-09 07:00:17
Question: I try to understand buffer overflows. This is my code:

    #include <stdio.h>

    int main() {
        char buf[5] = { 0 };
        char x = 'u';
        printf("Please enter your name: ");
        gets(buf);
        printf("Hello %s!", buf);
        return 0;
    }

The buf array is of size five and initialized with 0es. So (with null termination) I have space for four characters. If I enter five characters (stack for example), I overwrite the null termination character and printf should print "Hello stacku!" because of the succeeding variable x. But

shellcode buffer overflow -SegFault

时光毁灭记忆、已成空白 submitted on 2021-02-08 11:15:10
问题 I'm trying to run this shellcode but I keep getting segmentation fault /* call_shellcode.c */ /*A program that creates a file containing code for launching shell*/ #include <stdlib.h> #include <stdio.h> #include <string.h> const char code[] = "\x31\xc0" /* Line 1: xorl %eax,%eax */ "\x50" /* Line 2: pushl %eax */ "\x68""//sh" /* Line 3: pushl $0x68732f2f */ "\x68""/bin" /* Line 4: pushl $0x6e69622f */ "\x89\xe3" /* Line 5: movl %esp,%ebx */ "\x50" /* Line 6: pushl %eax */ "\x53" /* Line 7:

shellcode buffer overflow -SegFault

南楼画角 submitted on 2021-02-08 11:12:44
问题 I'm trying to run this shellcode but I keep getting segmentation fault /* call_shellcode.c */ /*A program that creates a file containing code for launching shell*/ #include <stdlib.h> #include <stdio.h> #include <string.h> const char code[] = "\x31\xc0" /* Line 1: xorl %eax,%eax */ "\x50" /* Line 2: pushl %eax */ "\x68""//sh" /* Line 3: pushl $0x68732f2f */ "\x68""/bin" /* Line 4: pushl $0x6e69622f */ "\x89\xe3" /* Line 5: movl %esp,%ebx */ "\x50" /* Line 6: pushl %eax */ "\x53" /* Line 7:

Would having the call stack grow upward make buffer overruns safer?

亡梦爱人 submitted on 2021-02-05 04:56:16
Question: Each thread has its own stack to store local variables. But stacks are also used to store return addresses when calling a function. In x86 assembly, esp points to the most-recently allocated end of the stack. Today, most CPUs have the stack grow negatively. This behavior enables arbitrary code execution by overflowing the buffer and overwriting the saved return address. If the stack was to grow positively, such attacks would not be feasible. Is it safer to have the call stack grow upwards? Why

Would having the call stack grow upward make buffer overruns safer?

情到浓时终转凉″ submitted on 2021-02-05 04:54:06
Question: Each thread has its own stack to store local variables. But stacks are also used to store return addresses when calling a function. In x86 assembly, esp points to the most-recently allocated end of the stack. Today, most CPUs have the stack grow negatively. This behavior enables arbitrary code execution by overflowing the buffer and overwriting the saved return address. If the stack was to grow positively, such attacks would not be feasible. Is it safer to have the call stack grow upwards? Why

Would having the call stack grow upward make buffer overruns safer?

瘦欲@ submitted on 2021-02-05 04:53:32
Question: Each thread has its own stack to store local variables. But stacks are also used to store return addresses when calling a function. In x86 assembly, esp points to the most-recently allocated end of the stack. Today, most CPUs have the stack grow negatively. This behavior enables arbitrary code execution by overflowing the buffer and overwriting the saved return address. If the stack was to grow positively, such attacks would not be feasible. Is it safer to have the call stack grow upwards? Why

How to avoid buffer overflow using scanf

安稳与你 submitted on 2020-12-13 04:39:28
问题 #include <stdio.h> #include <stdlib.h> int main(int argc, char **argv) { char first_name[20]; char last_name[20]; int student_num; char debts[1]; printf("Enter name:"); scanf("%s", first_name); printf("Enter lastname:"); scanf("%s", last_name); printf("Enter six bits length student ID:"); scanf("%d", &student_num); printf("Do you have debts for university [Y/N]?"); scanf("%s", debts); printf("\nYour name is %s %s.\n", first_name, last_name); printf("Your Student ID is %d.\n", student_num);