Penetration Testing mailing list archives

Re: Buffer Overflow Help

From: "jmiller" <secadmin () subversive cc>
Date: Tue, 30 Jul 2002 23:54:14 -0700

<snip>

The following example should bypass the "x=1" statement and print the
original value of "x" which is 0 (zero). Here's the code.

-=-=-=-=-=-=-=-=-=-=-=-=-=
void function(int a, int b, int c) {
  char buffer1[5];
  char buffer2[10];
  int *ret;

  ret = buffer1 + 12;
  (*ret) += 8;
}


i am failing to see how this should bypass anything,
it is all byval, not byref. this function is isolated from your prog.
bufffer1, buffer2, and ret are all dissapearing when the function is done...

i am also failing to see how the function would affect x at all.

JMiller


void main() {
  int x;

  x=0;
  function(1,2,3);
  x=1;
  printf("%d\n",x);
}
-=-=-=-=-=-=-=-=-=-=-=-=

When I compile and execute this code it displays one and exits. I have

tryed

this on RedHat 7.3 and Debian 2.2r6, both giving me the same result.

Does

anyone have any insight into why this wouldn't work? After looking into

the

assembly behind it, I think it has something to do with the "word size",

but

can't seem to find any information as to what the "word size" is in

Debian

or RedHat.

Any and All comments/suggestions are more than welcome. Also if anyone

knows

of some other good text files/documents that talk about buffer overflows

would be happy to receive links.

Leonard Leblanc


--------------------------------------------------------------------------

--

This list is provided by the SecurityFocus Security Intelligence Alert

(SIA)

Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please

see:

https://alerts.securityfocus.com/



--

Public-key [ http://home.no.net/jullum/ejl.asc ]


--------------------------------------------------------------------------

--

This list is provided by the SecurityFocus Security Intelligence Alert

(SIA)

Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please

see:

https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Buffer Overflow Help Leonard Leblanc (Jul 30)
- Re: Buffer Overflow Help Scott Nursten (Jul 30)
- Re: Buffer Overflow Help Erlend J. Leiknes (Jul 30)
  - Re: Buffer Overflow Help jmiller (Jul 31)
    - Re: Buffer Overflow Help Geoffroy Raimbault (Jul 31)
    - Re: Buffer Overflow Help Rafael Coninck Teigao (Jul 31)
- Re: Buffer Overflow Help Rafael Coninck Teigao (Jul 31)
- Re: Buffer Overflow Help Chris Hall (Jul 31)
- <Possible follow-ups>
- Re: Buffer Overflow Help Felipe Moreno (Jul 31)