Questions tagged [buffer-overflow]

Usually occurs when you attempt to copy data into a buffer without checking for sufficient space, causing data to be overwritten in neighboring cells.

RAM is divided into memory cells, each capable of storing a single byte on its own. Applications use different sizes of the same data type to fulfill their computational needs, which can vary between a single element, multiple elements (arrays), or dynamically allocated memory (pointers). Problems usually arise when software developers use arrays or pointers without verifying that the destination buffer has sufficient space.

char Target[10];
char Input[20];
strcpy(Target, Input); // 1st parameter: destination, 2nd parameter: data

The code listed above can, under certain conditions, exhibit buffer-overflow corruption. If the coder doesn't take the necessary precautions to validate the target and input, data will be written into adjacent memory cells, corrupting whatever contents are stored within them.

Such results can be devastating as they affect overall system integrity.
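A bounds-checked alternative to the `strcpy` call above, as an added example that is not part of the original tag description. The `struct record` layout, the `copy_checked` helper and the sample strings are constructed for illustration; the helper rejects input that does not fit instead of writing past the 10-byte buffer.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a 10-byte buffer followed by a neighbouring field,
   standing in for the "adjacent memory cells" described above. */
struct record {
    char target[10];
    char neighbour[8];
};

/* Copy src into dst only if the whole string, terminator included, fits.
   Returns 0 on success; returns -1 and leaves dst as an empty string when
   src is too long, so the caller never sees a silently truncated value. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Look for the terminator within the first dst_size bytes only;
       memchr stops at the first match, so short strings are not over-read. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {
        dst[0] = '\0';
        return -1;
    }

    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

int main(void)
{
    struct record r;
    memset(&r, 0, sizeof r);
    memcpy(r.neighbour, "CANARY!", 8);   /* 7 characters plus terminator */

    /* 9 characters plus terminator: exactly fills target[10]. */
    int ok = copy_checked(r.target, sizeof r.target, "123456789");
    printf("fits: rc=%d target=\"%s\"\n", ok, r.target);

    /* 19 characters: strcpy would overwrite neighbour; this call refuses. */
    int bad = copy_checked(r.target, sizeof r.target, "0123456789ABCDEFGHI");
    printf("too long: rc=%d target=\"%s\" neighbour=\"%s\"\n",
           bad, r.target, r.neighbour);
    return 0;
}
```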

1483 questions
-2
votes
2 answers

How is the shell code of a Buffer Overflow generated

The following codes got my curiosity. I always look, search, and study about the exploit so called "Buffer overflow". I want to know how the code was generated. How and why the code is running? char shellcode[] =…
Lyka
-2
votes
5 answers

How could the following code be adjusted to prevent a buffer overflow?

void updateConfigParams( void ) { char buffer [512]; int i = 0; while (( c = readFromWireless ()) != NULL) { buffer [ i ] = c; i += 1; } writeConfigParams ( buffer ); } I'm only getting to grips with buffer overflow so please…
HHEX
-2
votes
3 answers

C: printf()'s stack vulnerability?

I wrote a simple C program to look at the stack frame of printf() #include int main(void){ printf("%s"); } I thought the way the stack would work is main() would first push "%s" onto the stack, so printf will either seg fault or print…
-2
votes
1 answer

Why can I read more char-data in C than allocated?

This C-code compiles without any errors/warning. When I run this program, I can enter more than 16 chars and it will gladly echo all of my chars. Forever? #include #include #include #define BUFFER_SIZE 16 int…
user1511417
-2
votes
2 answers

How to do Infinite Loop

My aim is to write an infinite loop. I have to print infinitely this string "Hello World %s" and I can just use ROP (Return-oriented programming). gcc -fno-stack-protector loop.c -o loop I can compile as shown. How can I do…
epoxxy
-2
votes
2 answers

memcpy() not working as expected

I'm trying to make a simple implementation of the Heartbleed Bug in C/C++ over Linux (Using ElementaryOS on vmplayer). From my understanding of the heartbleed bug, it involves the client sending a heartbeat request to the server, specifying a…
Aamir Khan
-2
votes
4 answers

problem with ansi c unexpected behaviour?

I am suffering from an unexpected behavior; here is the problem definition: I have applications communicating on a LAN via UDP protocol. I am reading the IP address and port number from a text file. Initially the IP address and port number are…
Badr
-2
votes
1 answer

gethostbyname buffer overflow

I study about GHOST or CVE-2015-0235 vulnerability. I find out that my system is vulnerable. I write a test program to see the effect of this, but I can't see anything. Here are my attempts: user@debian:~$ uname -a Linux debian…
elahe
-2
votes
1 answer

protect the program from buffer overflow?

I got a small program which is vulnerable to buffer overflow. For example, the arrays are limited to 8 characters, but still I am able to more to it. I realized that gets() is vulnerable so I planned to use fgets(). This this function, I am getting…
user3131067
-2
votes
2 answers

About Stack Buffer Overflow Exploits

I'm trying to learn how to write exploits for stack overflows by installing random apps from SourceForge and testing them with bad inputs. I faced some programs where the app crashes but my input doesn't overwrite the EIP register... What should I…
-2
votes
5 answers

How to prevent password masking from bufferoverflow

#include #include #include int main () { char input[255]; int i = 0; for(;;i++) /* Infinite loop, exited when RETURN is pressed */ { char temp; temp = getch (); /* Get the current character of the password…
Kamal Kafkaesque
-2
votes
1 answer

Buffer management in c

I have a buffer sized 2000, the data to be inserted is unlimited. I want, data more than 2000 should be added from the end of the buffer, i.e. push all data from right to left and insert new data at the end of the buffer. So, what kind of algorithm…
user1042813
-3
votes
1 answer

why is it possible to access memory beyond the amount i malloc

I was testing a C program in order to see what happens in a loop if inside a string allocated with malloc I replace \0 with any other character. What I thought it gave me as output is either segmentation fault or access to another area of memory…
username
-3
votes
1 answer

Getting a buffer overflow when trying to print. Can anyone spot the issue?

Getting a buffer overflow when compiling this code. Can anyone spot the issue? No error at all when compiled in Windows terminal but the strings refuse to print. Tried changing to subscript notation but compiler just throwing loads of…
danocar
-3
votes
2 answers

gets vs fgets for overflow in program

I have the following C program. When I enter input as bytebyte it is giving the wrong input due to buffer overflow. This is the program: #include #include #include int main(void) { // Use a struct to force local…