Buffer Overflow Attack in C - Can't overwrite stack


Recently I had an exercise in my university about Buffer Overflow Attacks. Although I did it, I have had a question since the beginning, and nobody has yet clearly answered it.

So: I use 2 different input methods in the program:

  1. gets function

  2. while loop with fgetc function

I open the executables with gdb on Linux and run them with the same input of 32 "A" (larger than buffer[12]).

What I don't understand:

Using the gets function, the stack is overwritten smoothly and it throws a segmentation fault: 0x41414141 in ?? (), which is normal.

Using the fgetc function in a while loop, the buffer is written normally (12 bytes), BUT after that, although the input I gave has 20 extra bytes (32 bytes in total), I see that 0x0000000a follows (which is the '\n' newline char), which does not belong there but at the end. Added to this, after 0x0000000a it skips some memory addresses and continues to overwrite the stack with the rest of the input.

Why does this happen?

Method 1:

#include <stdio.h>

void readString()
{
    char buffer[12];
    int i = 0;          /* unused in this method */
    int c;              /* unused in this method */

    /* Different input method */
    gets(buffer);       /* no length limit: reads until newline, straight past the 12 bytes */
    /* End */

    puts(buffer);
}

int main()
{
    puts("Please enter your name:\n");
    readString();

    return 0;
}

Method 2:

#include <stdio.h>

void readString()
{
    char buffer[12];
    int i = 0;          /* index into buffer; a local in the same frame as buffer */
    int c;              /* last character read; also a local in this frame */

    /* Different input method */
    while (1) {
        c = fgetc(stdin);
        if ((c == EOF) || (c == '\n'))
            break;
        buffer[i++] = c;    /* no bound check: i keeps growing past 12 */
    }
    /* End */

    puts(buffer);           /* no NUL terminator is ever written */
}

int main()
{
    puts("Please enter your name:\n");
    readString();

    return 0;
}
Tags: c, buffer, overflow, overwrite
asked on Stack Overflow May 24, 2018 by AlexP • edited May 24, 2018 by AlexP
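The behaviour the question describes, replayed as an added example that is not part of the original post or of any answer. It models readString()'s frame as a byte array with an assumed layout, buffer[12] at offset 0, then c at offset 12, then i at offset 16 (the real placement is decided by the compiler and its options, so this is an assumption), and an assumed store order for buffer[i++] = c, namely that i + 1 is written back before the byte is stored (the C standard does not fix this; if the compiler stored the byte first, the clobber of i would be undone at once). Under those assumptions, input bytes 13 to 16 land in c's slot and are wiped by the next c = fgetc() store, byte 17 lands on the low byte of i and turns the index into 0x41 = 65, the remaining bytes continue at offset 65, and at loop exit c holds '\n', which is the 0x0000000a word. A replay of gets() shows the contiguous overwrite for comparison. The names replay_fgetc_loop, replay_gets, FRAME_SIZE and the offset macros are this example's own, and the 32-byte input is constructed inline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled readString() frame: 96 bytes, with the locals at assumed
   offsets (real placement is up to the compiler and its options). */
#define FRAME_SIZE 96
#define BUF_OFF 0    /* char buffer[12] */
#define C_OFF  12    /* int c, assumed to sit directly above the buffer */
#define I_OFF  16    /* int i, assumed to sit above c */

/* The compiled loop keeps i and c in the frame and reloads them on
   every use; these helpers do the same 4-byte native-endian accesses. */
static int32_t load_int(const uint8_t *frame, size_t off)
{
    int32_t v;
    memcpy(&v, frame + off, sizeof v);
    return v;
}

static void store_int(uint8_t *frame, size_t off, int32_t v)
{
    memcpy(frame + off, &v, sizeof v);
}

/* Replay Method 2's loop, reading from an in-memory string instead of
   stdin.  Byte stores that would leave the modelled frame are dropped
   and counted in *lost.  Returns the number of input bytes consumed. */
size_t replay_fgetc_loop(uint8_t *frame, const char *input, size_t *lost)
{
    size_t consumed = 0;
    memset(frame, 0, FRAME_SIZE);
    store_int(frame, I_OFF, 0);                 /* int i = 0; */
    *lost = 0;
    for (;;) {
        int c = input[consumed] ? (unsigned char)input[consumed++] : EOF;
        store_int(frame, C_OFF, c);             /* c = fgetc(stdin); rewrites all 4 bytes */
        if (c == EOF || c == '\n')
            break;
        /* buffer[i++] = c, in the order assumed here: write back i + 1
           first, then store the byte at buffer[old i].  When old i
           reaches i's own slot, the byte 'A' (0x41) replaces the low
           byte of i and the index jumps to 0x41 = 65. */
        int32_t i = load_int(frame, I_OFF);
        store_int(frame, I_OFF, i + 1);
        size_t dst = BUF_OFF + (size_t)(uint32_t)i;
        if (dst < FRAME_SIZE)
            frame[dst] = (uint8_t)c;
        else
            (*lost)++;
    }
    return consumed;
}

/* Replay Method 1: gets() keeps its cursor outside this frame, so the
   bytes land contiguously, followed by a terminating NUL.  Bytes beyond
   the frame are dropped and counted in *lost.  Returns bytes copied. */
size_t replay_gets(uint8_t *frame, const char *input, size_t *lost)
{
    size_t n = 0;
    memset(frame, 0, FRAME_SIZE);
    *lost = 0;
    for (; input[n] && input[n] != '\n'; n++) {
        if (BUF_OFF + n < FRAME_SIZE)
            frame[BUF_OFF + n] = (uint8_t)input[n];
        else
            (*lost)++;
    }
    if (BUF_OFF + n < FRAME_SIZE)
        frame[BUF_OFF + n] = 0;
    else
        (*lost)++;
    return n;
}

/* Print the frame as 4-byte words, the way one would x/24wx it in gdb. */
static void dump(const char *title, const uint8_t *frame)
{
    printf("%s\n", title);
    for (size_t off = 0; off < FRAME_SIZE; off += 4)
        printf("  +%02zu: 0x%08x\n", off, (unsigned)load_int(frame, off));
}

int main(void)
{
    uint8_t frame[FRAME_SIZE];
    size_t lost;
    char input[34];                 /* constructed input: 32 'A', '\n', NUL */
    memset(input, 'A', 32);
    input[32] = '\n';
    input[33] = '\0';

    replay_gets(frame, input, &lost);
    dump("Method 1 (gets): contiguous overwrite", frame);
    replay_fgetc_loop(frame, input, &lost);
    dump("Method 2 (fgetc loop): c slot, clobbered i, gap, then the rest", frame);
    return 0;
}
```

After the fgetc replay the modelled frame holds 'A' at offsets 0 to 11, 0x0000000a at +12 (c), 0x00000050 at +16 (i, which ended at 80), zeros up to +64, and the last 15 input bytes at +65 to +79; after the gets replay all 32 bytes sit at +0 to +31 with a NUL at +32, so the words at +12 and +16 read 0x41414141. Whether a real build reproduces this depends on where the compiler places i and c relative to buffer (with a stack protector enabled, arrays are typically moved above scalars so the loop index is not reachable at all) and on the store order it emits.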

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0