Re: Buffer Overflow Help

From: Chris Hall (challat_private)
Date: Wed Jul 31 2002 - 09:45:53 PDT


        There was a thread on the vuln-dev list about this very same issue.
    I believe the distance calculated depends
    on the environment (i.e. 8, 16, 32, 64 bit systems).
    
    
    http://online.securityfocus.com/archive/82/266675/2002-03-30/2002-04-05/1
    
    
    -- Chris
    
    Leonard Leblanc wrote:
    
    >Hello All,
    >
    >I am trying to experience buffer overflows first hand. I have glanced at a
    >number of articles and have decided to focus on "Smashing the Stack for Fun
    >and Profit" from Phrack Issue 49. I am trying out the examples from the text
    >and when I get to example 3 (which is the first real overflow example) it
    >doesn't quite work and I'm having a little trouble figuring it out.
    >
    >The following example should bypass the "x=1" statement and print the
    >original value of "x" which is 0 (zero). Here's the code.
    >
    >-=-=-=-=-=-=-=-=-=-=-=-=-=
    >void function(int a, int b, int c) {
    >  char buffer1[5];
    >  char buffer2[10];
    >  int *ret;
    >
    >  ret = buffer1 + 12;
    >  (*ret) += 8;
    >}
    >
    >void main() {
    >  int x;
    >
    >  x=0;
    >  function(1,2,3);
    >  x=1;
    >  printf("%d\n",x);
    >}
    >-=-=-=-=-=-=-=-=-=-=-=-=
    >
    >When I compile and execute this code it displays one and exits. I have tried
    >this on RedHat 7.3 and Debian 2.2r6, both giving me the same result. Does
    >anyone have any insight into why this wouldn't work? After looking into the
    >assembly behind it, I think it has something to do with the "word size", but
    >can't seem to find any information as to what the "word size" is in Debian
    >or RedHat.
    >
    >Any and All comments/suggestions are more than welcome. Also if anyone knows
    >of some other good text files/documents that talk about buffer overflows I
    >would be happy to receive links.
    >
    >Leonard Leblanc
    >
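
The distance discussed in this thread can be measured instead of assumed. The following is an added example, not code from either message or from the Phrack article: it keeps the same two local buffers and reports how many bytes separate `buffer1` from the slot holding the return address, so a constant such as the `+ 12` in the quoted code can be compared with what a given compiler actually produces. The names `probe_frame` and `struct frame_probe` are made up for this example, and it assumes GCC or Clang builtins and an x86/x86-64 frame layout.

```c
#include <stddef.h>
#include <stdio.h>

/* Result of inspecting one call frame (names are this example's own). */
struct frame_probe {
    ptrdiff_t distance;   /* bytes from buffer1[0] to the return-address slot */
    int slot_matches;     /* 1 if that slot really holds the return address */
};

/* Same locals as the quoted function(); noinline keeps it in its own frame. */
__attribute__((noinline))
struct frame_probe probe_frame(int a, int b, int c)
{
    volatile char buffer1[5];
    volatile char buffer2[10];
    struct frame_probe r;
    (void)a; (void)b; (void)c;
    buffer1[0] = 0;   /* touch both arrays so they are kept on the stack */
    buffer2[0] = 0;

    /* Assumption: x86/x86-64 frame layout, where the saved frame pointer is
     * at the frame address and the return address sits one word above it. */
    char *fp = (char *)__builtin_frame_address(0);
    void **ret_slot = (void **)(fp + sizeof(void *));

    /* Read-only inspection: nothing on the stack is modified. */
    r.distance = (char *)ret_slot - (char *)buffer1;
    r.slot_matches = (*ret_slot == __builtin_return_address(0));
    return r;
}

int main(void)
{
    struct frame_probe r = probe_frame(1, 2, 3);
    printf("pointer size: %zu bytes\n", sizeof(void *));
    printf("buffer1 -> return address slot: %td bytes\n", r.distance);
    printf("slot holds return address: %s\n", r.slot_matches ? "yes" : "no");
    return 0;
}
```

Building it with different compilers, optimisation levels, or `-m32` versus `-m64` changes the reported distance, because padding, alignment, local ordering and any stack-protector canary are all chosen by the compiler.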
    
    
    



    This archive was generated by hypermail 2b30 : Wed Jul 31 2002 - 10:27:26 PDT