0

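As part of my assignment, I have to demonstrate a stack overflow on my Linux box.

My box configuration: OS: Ubuntu 13.04

GCC version: 4.6.3

I tried compiling the program with the flag -fno-stack-protector. The program compiles successfully, but I get a segmentation fault error when I trigger the stack overflow. How can I show the actual o/p?

Buffer overflow pgm: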

#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    int authentication = 0;
    char cUsername[10], cPassword[10];

    /* no length check on either copy: this is the overflow being demonstrated */
    strcpy(cUsername, argv[1]);
    strcpy(cPassword, argv[2]);

    if (strcmp(cUsername, "admin") == 0 && strcmp(cPassword, "adminpass") == 0)
    {
        authentication = 1;
    }

    if (authentication)
    {
        printf("Access granted");
    }
    else
    {
        printf("Wrong username and password");
    }

    return 0;
}

If I give an i/p like AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A, it should show that access is granted, but right now it shows a segmentation fault.

4

1 Answer

2

This is what happens with my C compiler if you launch the program with the following arguments: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA B:

#include <stdio.h>
#include <string.h>

int main(int argc, char**argv)
{
  int authentication=0;
  char cUsername[10], cPassword[10];

  strcpy(cUsername, argv[1]);
  // now cUsername contains "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  // and authentication contains "0x41414141" because it has been overwritten because of the
  // buffer overflow of cUsername

  strcpy(cPassword, argv[2]);
  //now cPassword contains "B"

  if(strcmp(cUsername, "admin") == 0 && strcmp(cPassword, "adminpass") == 0)
  {
    // strings are different so we don't get here
    authentication = 1;
  }

  if (authentication)
  {
    // authentication still contains 0x41414141 therefore we get here
    printf("Access granted");
  } 
  else
  {
    printf("Wrong username and password");
  }

  // here we will get a segmentation fault, because the return address which is on the
  // stack will have been overwritten with 0x41414141 which is most probably an
  // invalid address
  return 0;
}

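By the way, your code is easier to read if you format it properly.

Important

Depending on your system, "Access granted" may not be printed, because if output is buffered, the output buffer is usually flushed after returning from the main function, and since the program segfaults before that, the output buffer is never flushed and the message is never displayed. Try adding a \n at the end of the "Access granted\n" string.

Answered 2014-02-03T13:30:15.117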
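The same credential check with the overflow closed and the output flushed explicitly, as an added example that is not part of the original question or answer. The names `FIELD_MAX`, `auth_result`, `bounded_copy` and `check_credentials` are assumptions introduced here for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 10 /* same buffer size as cUsername/cPassword above */

enum auth_result { AUTH_TOO_LONG = -1, AUTH_DENIED = 0, AUTH_GRANTED = 1 };

/* Copy src into dst only if it fits including its NUL terminator.
 * Returns 0 on success, -1 if src needs more than dst_size bytes. */
static int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL)
        return -1; /* no terminator within dst_size bytes: reject, copy nothing */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

enum auth_result check_credentials(const char *user, const char *pass)
{
    char cUsername[FIELD_MAX], cPassword[FIELD_MAX];

    if (user == NULL || pass == NULL)
        return AUTH_DENIED;
    /* Over-long input is refused instead of spilling into adjacent stack data. */
    if (bounded_copy(cUsername, sizeof cUsername, user) != 0 ||
        bounded_copy(cPassword, sizeof cPassword, pass) != 0)
        return AUTH_TOO_LONG;
    if (strcmp(cUsername, "admin") == 0 && strcmp(cPassword, "adminpass") == 0)
        return AUTH_GRANTED;
    return AUTH_DENIED;
}

int main(int argc, char **argv)
{
    if (argc != 3) { /* the original dereferences argv[1]/argv[2] unchecked */
        fprintf(stderr, "usage: %s <username> <password>\n", argv[0]);
        return 2;
    }
    enum auth_result r = check_credentials(argv[1], argv[2]);
    puts(r == AUTH_GRANTED ? "Access granted" :
         r == AUTH_TOO_LONG ? "Input too long" : "Wrong username and password");
    fflush(stdout); /* do not rely on exit-time flushing of a buffered stdout */
    return r == AUTH_GRANTED ? 0 : 1;
}
```

With the length check in place, the long `A` argument from the question is rejected before any byte is copied, so neither `authentication` nor the return address can be overwritten.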