There was a thread on the vuln-dev list about this very same issue. I believe the distance calculated depends on the environment (ie: 8, 16, 32, 64 bit systems).

http://online.securityfocus.com/archive/82/266675/2002-03-30/2002-04-05/1

--
Chris

Leonard Leblanc wrote:

>Hello All,
>
>I am trying to experience buffer overflows first hand. I have glanced at a
>number of articles and have decided to focus on "Smashing the Stack for Fun
>and Profit" from Phrack Issue 49. I am trying out the examples from the text
>and when I get to example 3 (which is the first real overflow example) it
>doesn't quite work and I'm having a little trouble figuring it out.
>
>The following example should bypass the "x=1" statement and print the
>original value of "x" which is 0 (zero). Here's the code.
>
>-=-=-=-=-=-=-=-=-=-=-=-=-=
>#include <stdio.h>
>
>void function(int a, int b, int c) {
>  char buffer1[5];
>  char buffer2[10];
>  int *ret;
>
>  /* Assume the saved return address sits 12 bytes past buffer1
>     (the layout the Phrack article describes). */
>  ret = (int *)(buffer1 + 12);
>  /* Advance the saved return address past the "x=1" store,
>     assumed to be 8 bytes of machine code. */
>  (*ret) += 8;
>}
>
>int main() {
>  int x;
>
>  x=0;
>  function(1,2,3);
>  x=1;
>  printf("%d\n",x);
>  return 0;
>}
>-=-=-=-=-=-=-=-=-=-=-=-=-
>
>When I compile and execute this code it displays one and exits. I have tried
>this on RedHat 7.3 and Debian 2.2r6, both giving me the same result. Does
>anyone have any insight into why this wouldn't work? After looking into the
>assembly behind it, I think it has something to do with the "word size", but
>can't seem to find any information as to what the "word size" is in Debian
>or RedHat.
>
>Any and all comments/suggestions are more than welcome. Also if anyone knows
>of some other good text files/documents that talk about buffer overflows I
>would be happy to receive links.
>
>Leonard Leblanc
This archive was generated by hypermail 2b30 : Wed Jul 31 2002 - 10:27:26 PDT