buffer-overflow

问题 The format %(limit)[^\n] for scanf function is unsafe ? (where (limit) is the length -1 of the string) If it is unsafe, why ? And there is a safe way to implement a function that catch strings just using scanf() ? On Linux Programmer's Manual, (typing man scanf on terminal), the s format said: Matches a sequence of non-white-space characters; the next pointer must be a pointer to character array that is long enough to hold the input sequence and the terminating null byte ('\0'),which is added

问题 Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 7 years ago . Improve this question I am an intermediate programmer, writing a program that's probably much to complicated for me. The programs aim is to construct certain 2-d arrays, and has a few different class objects that are communicating with each other in a not-so-simple way. In order to

问题 I try to understand buffer overflows. This is my code: #include <stdio.h> int main() { char buf[5] = { 0 }; char x = 'u'; printf("Please enter your name: "); gets(buf); printf("Hello %s!", buf); return 0; } The buf array is of size five and initialized with 0es. So (with null termination) I have space for four characters. If I enter five characters (stack for example), I overwrite the null termination character and printf should print "Hello stacku!" because of the succeeding variable x . But

问题 I try to understand buffer overflows. This is my code: #include <stdio.h> int main() { char buf[5] = { 0 }; char x = 'u'; printf("Please enter your name: "); gets(buf); printf("Hello %s!", buf); return 0; } The buf array is of size five and initialized with 0es. So (with null termination) I have space for four characters. If I enter five characters (stack for example), I overwrite the null termination character and printf should print "Hello stacku!" because of the succeeding variable x . But

问题 I'm trying to run this shellcode but I keep getting segmentation fault /* call_shellcode.c */ /*A program that creates a file containing code for launching shell*/ #include <stdlib.h> #include <stdio.h> #include <string.h> const char code[] = "\x31\xc0" /* Line 1: xorl %eax,%eax */ "\x50" /* Line 2: pushl %eax */ "\x68""//sh" /* Line 3: pushl $0x68732f2f */ "\x68""/bin" /* Line 4: pushl $0x6e69622f */ "\x89\xe3" /* Line 5: movl %esp,%ebx */ "\x50" /* Line 6: pushl %eax */ "\x53" /* Line 7:

问题 I'm trying to run this shellcode but I keep getting segmentation fault /* call_shellcode.c */ /*A program that creates a file containing code for launching shell*/ #include <stdlib.h> #include <stdio.h> #include <string.h> const char code[] = "\x31\xc0" /* Line 1: xorl %eax,%eax */ "\x50" /* Line 2: pushl %eax */ "\x68""//sh" /* Line 3: pushl $0x68732f2f */ "\x68""/bin" /* Line 4: pushl $0x6e69622f */ "\x89\xe3" /* Line 5: movl %esp,%ebx */ "\x50" /* Line 6: pushl %eax */ "\x53" /* Line 7:

问题 Each thread has its own stack to store local variables. But stacks are also used to store return addresses when calling a function. In x86 assembly, esp points to the most-recently allocated end of the stack. Today, most CPUs have stack grow negatively. This behavior enables arbitrary code execution by overflowing the buffer and overwriting the saved return address. If the stack was to grow positively, such attacks would not be feasible. Is it safer to have the call stack grow upwards? Why

问题 Each thread has its own stack to store local variables. But stacks are also used to store return addresses when calling a function. In x86 assembly, esp points to the most-recently allocated end of the stack. Today, most CPUs have stack grow negatively. This behavior enables arbitrary code execution by overflowing the buffer and overwriting the saved return address. If the stack was to grow positively, such attacks would not be feasible. Is it safer to have the call stack grow upwards? Why

问题 Each thread has its own stack to store local variables. But stacks are also used to store return addresses when calling a function. In x86 assembly, esp points to the most-recently allocated end of the stack. Today, most CPUs have stack grow negatively. This behavior enables arbitrary code execution by overflowing the buffer and overwriting the saved return address. If the stack was to grow positively, such attacks would not be feasible. Is it safer to have the call stack grow upwards? Why

问题 #include <stdio.h> #include <stdlib.h> int main(int argc, char **argv) { char first_name[20]; char last_name[20]; int student_num; char debts[1]; printf("Enter name:"); scanf("%s", first_name); printf("Enter lastname:"); scanf("%s", last_name); printf("Enter six bits length student ID:"); scanf("%d", &student_num); printf("Do you have debts for university [Y/N]?"); scanf("%s", debts); printf("\nYour name is %s %s.\n", first_name, last_name); printf("Your Student ID is %d.\n", student_num);