Metasploit mailing list archives
Buffer overflow in main
From: wbyoung at u.northwestern.edu (wbyoung at u.northwestern.edu)
Date: Wed, 27 Feb 2008 22:30:24 -0600
This isn't Metasploit specific, but it seems like a good place to ask: If I have a program:

    int main() {
        char buffer[64];
        gets(buffer);
        return 0;
    }

On Ubuntu 7.10 using gcc with --no-stack-protector and -z execstack options to compile, you can overflow the buffer and change the return address of main, but when main completes, it does not return to the address you might want. In this program, you can inject a return address and it returns to the address you specify:

    void run() {
        char buffer[64];
        gets(buffer);
    }

    int main() {
        run();
        return 0;
    }

I believe this has to do with the way libc returns from main, but if someone could explain (in as much detail as possible) or point to a resource that explains what is going on here, that'd be great.

Thanks!

- Whitney Young
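An added example, not part of the post above: the same 64-byte buffer with the unbounded gets() call replaced by a bounded line reader, plus a self-check that feeds a constructed 200-byte line through it and confirms the byte after the buffer is untouched. The function names read_line_bounded and demo_bounded_read are assumed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Bounded replacement for the gets(buffer) call in the post: stores at most
 * cap-1 bytes, always NUL-terminates, strips the trailing newline and drains
 * the rest of an over-long line so the next call starts on the next line.
 * Returns the number of bytes stored, or -1 at EOF with nothing read. */
int read_line_bounded(char *buf, size_t cap, FILE *in) {
    if (cap == 0) return -1;
    if (fgets(buf, (int)cap, in) == NULL) { buf[0] = '\0'; return -1; }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';
    } else if (len == cap - 1) {
        int c;  /* line did not fit: throw away the remainder */
        while ((c = fgetc(in)) != EOF && c != '\n') { }
    }
    return (int)len;
}

/* The post's 64-byte buffer with a guard byte directly after it, so the
 * self-check below can confirm nothing was written past buffer[63]. */
struct frame { char buffer[64]; unsigned char guard; };

/* Self-check on constructed input: a 200-byte line (longer than the buffer)
 * followed by a short one. Returns 1 if the long line was truncated to 63
 * bytes, the guard byte survived, and the short line was then read intact. */
int demo_bounded_read(void) {
    FILE *in = tmpfile();
    if (!in) return 0;
    for (int i = 0; i < 200; i++) fputc('A', in);   /* constructed input */
    fputs("\nsecond\n", in);
    rewind(in);

    struct frame f;
    memset(&f, 0, sizeof f);
    f.guard = 0xAA;
    int n1 = read_line_bounded(f.buffer, sizeof f.buffer, in);
    int ok1 = (n1 == 63 && f.guard == 0xAA && f.buffer[63] == '\0');
    int n2 = read_line_bounded(f.buffer, sizeof f.buffer, in);
    int ok2 = (n2 == 6 && strcmp(f.buffer, "second") == 0);
    int n3 = read_line_bounded(f.buffer, sizeof f.buffer, in);
    fclose(in);
    return ok1 && ok2 && n3 == -1;
}
```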