Penetration Testing mailing list archives
Re: Buffer Overflow Help
From: "jmiller" <secadmin () subversive cc>
Date: Tue, 30 Jul 2002 23:54:14 -0700
<snip>
The following example should bypass the "x=1" statement and print the original value of "x" which is 0 (zero). Here's the code. -=-=-=-=-=-=-=-=-=-=-=-=-= void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; int *ret; ret = buffer1 + 12; (*ret) += 8; }
i am failing to see how this should bypass anything, it is all byval, not byref. this function is isolated from your prog. bufffer1, buffer2, and ret are all dissapearing when the function is done... i am also failing to see how the function would affect x at all. JMiller
void main() { int x; x=0; function(1,2,3); x=1; printf("%d\n",x); } -=-=-=-=-=-=-=-=-=-=-=-= When I compile and execute this code it displays one and exits. I have
tryed
this on RedHat 7.3 and Debian 2.2r6, both giving me the same result.
Does
anyone have any insight into why this wouldn't work? After looking into
the
assembly behind it, I think it has something to do with the "word size",
but
can't seem to find any information as to what the "word size" is in
Debian
or RedHat. Any and All comments/suggestions are more than welcome. Also if anyone
knows
of some other good text files/documents that talk about buffer overflows
I
would be happy to receive links. Leonard Leblanc--------------------------------------------------------------------------
--
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/-- Public-key [ http://home.no.net/jullum/ejl.asc ] --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Buffer Overflow Help Leonard Leblanc (Jul 30)
- Re: Buffer Overflow Help Scott Nursten (Jul 30)
- Re: Buffer Overflow Help Erlend J. Leiknes (Jul 30)
- Re: Buffer Overflow Help jmiller (Jul 31)
- Re: Buffer Overflow Help Geoffroy Raimbault (Jul 31)
- Re: Buffer Overflow Help Rafael Coninck Teigao (Jul 31)
- Re: Buffer Overflow Help jmiller (Jul 31)
- Re: Buffer Overflow Help Rafael Coninck Teigao (Jul 31)
- Re: Buffer Overflow Help Chris Hall (Jul 31)
- <Possible follow-ups>
- Re: Buffer Overflow Help Felipe Moreno (Jul 31)