Re: Buffer Overflow Help

From: jmiller (secadminat_private)
Date: Tue Jul 30 2002 - 23:54:14 PDT


    <snip>
    
    > > The following example should bypass the "x=1" statement and print the
    > > original value of "x" which is 0 (zero). Here's the code.
    > >
    > > -=-=-=-=-=-=-=-=-=-=-=-=-=
    > > void function(int a, int b, int c) {
    > >   char buffer1[5];
    > >   char buffer2[10];
    > >   int *ret;
    > >
    > >   ret = buffer1 + 12;
    > >   (*ret) += 8;
    > > }
    
    I am failing to see how this should bypass anything,
    it is all byval, not byref. This function is isolated from your prog.
    buffer1, buffer2, and ret are all disappearing when the function is done...
    
    I am also failing to see how the function would affect x at all.
    
    JMiller
    
    
    > >
    > > void main() {
    > >   int x;
    > >
    > >   x=0;
    > >   function(1,2,3);
    > >   x=1;
    > >   printf("%d\n",x);
    > > }
    > > -=-=-=-=-=-=-=-=-=-=-=-=
    > >
    > > When I compile and execute this code it displays one and exits. I have tried
    > > this on RedHat 7.3 and Debian 2.2r6, both giving me the same result. Does
    > > anyone have any insight into why this wouldn't work? After looking into the
    > > assembly behind it, I think it has something to do with the "word size", but
    > > can't seem to find any information as to what the "word size" is in Debian
    > > or RedHat.
    > >
    > > Any and all comments/suggestions are more than welcome. Also if anyone knows
    > > of some other good text files/documents that talk about buffer overflows I
    > > would be happy to receive links.
    > >
    > > Leonard Leblanc
    > >
    > >
    > >
    > >
    > > --------------------------------------------------------------------------
    > > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > > Service. For more information on SecurityFocus' SIA service which
    > > automatically alerts you to the latest security vulnerabilities please see:
    > > https://alerts.securityfocus.com/
    > >
    > >
    > >
    >
    >
    > --
    >
    > Public-key [ http://home.no.net/jullum/ejl.asc ]
    >
    >
    



    This archive was generated by hypermail 2b30 : Wed Jul 31 2002 - 08:18:28 PDT
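
An added illustration, not part of the original post or the replies: the C sketch below measures, for a function shaped like the quoted `function()`, how many bytes separate `buffer1` from the saved return address and reports the pointer ("word") size asked about in the thread, rather than assuming 12. It assumes GCC or Clang on x86 or x86-64; `probe` and `frame_layout` are hypothetical names, and the code only reads the frame, it does not modify it.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* What one call to a function shaped like the thread's function() looks like. */
struct frame_layout {
    ptrdiff_t buf1_to_ret;  /* bytes from buffer1 to the saved return address slot */
    int slot_holds_ret;     /* 1 if that slot really holds the return address */
    size_t word_size;       /* sizeof(void *), the "word size" in question */
};

/* noinline: the function must have a real stack frame of its own to measure. */
__attribute__((noinline))
struct frame_layout probe(int a, int b, int c) {
    volatile char buffer1[5];
    volatile char buffer2[10];
    struct frame_layout out;

    /* Assumption: x86/x86-64 frame where the saved frame pointer is followed,
       one word higher, by the saved return address. */
    char *fp = (char *)__builtin_frame_address(0);
    void **ret_slot = (void **)(fp + sizeof(void *));

    /* Touch both arrays so the compiler keeps them on the stack. */
    buffer1[0] = (char)a;
    buffer2[0] = (char)(b + c);

    /* Compare addresses as integers; the two objects are unrelated in C terms. */
    out.buf1_to_ret = (ptrdiff_t)((uintptr_t)ret_slot - (uintptr_t)buffer1);
    out.slot_holds_ret = (*ret_slot == __builtin_return_address(0));
    out.word_size = sizeof(void *);
    return out;
}

int main(void) {
    struct frame_layout f = probe(1, 2, 3);
    printf("word size: %zu bytes\n", f.word_size);
    printf("buffer1 -> saved return address: %td bytes\n", f.buf1_to_ret);
    printf("slot holds return address: %s\n", f.slot_holds_ret ? "yes" : "no");
    return 0;
}
```

The reported distance changes with compiler version, optimization level, alignment padding and stack-protector settings, so it should be measured on each build rather than copied from a text.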