Re: Buffer Overflow Help

From: Chris Hall (chall@verio.net)
Date: Wed Jul 31 2002 - 12:45:53 EDT


    There was a thread on the vuln-dev list about this very same issue.
I believe the distance calculated depends
on the environment (i.e., 8-, 16-, 32-, or 64-bit systems).

http://online.securityfocus.com/archive/82/266675/2002-03-30/2002-04-05/1

-- Chris

Leonard Leblanc wrote:

>Hello All,
>
>I am trying to experience buffer overflows first hand. I have glanced at a
>number of articles and have decided to focus on "Smashing the Stack for Fun
>and Profit" from Phrack Issue 49. I am trying out the examples from the text
>and when I get to example 3 (which is the first real overflow example) it
>doesn't quite work and I'm having a little trouble figuring it out.
>
>The following example should bypass the "x=1" statement and print the
>original value of "x" which is 0 (zero). Here's the code.
>
>-=-=-=-=-=-=-=-=-=-=-=-=-=
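>#include <stdio.h>
>
>void function(int a, int b, int c) {
> char buffer1[5];
> char buffer2[10];
> int *ret;
>
> /* intended to point at the saved return address */
> ret = (int *)(buffer1 + 12);
> /* intended to move the return address past the "x=1" statement */
> (*ret) += 8;
>}
>
>int main(void) {
> int x;
>
> x=0;
> function(1,2,3);
> x=1;
> printf("%d\n",x);
> return 0;
>}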
>-=-=-=-=-=-=-=-=-=-=-=-=
>
>When I compile and execute this code it displays one and exits. I have tried
>this on RedHat 7.3 and Debian 2.2r6, both giving me the same result. Does
>anyone have any insight into why this wouldn't work? After looking into the
>assembly behind it, I think it has something to do with the "word size", but
>can't seem to find any information as to what the "word size" is in Debian
>or RedHat.
>
>Any and All comments/suggestions are more than welcome. Also if anyone knows
>of some other good text files/documents that talk about buffer overflows I
>would be happy to receive links.
>
>Leonard Leblanc
>
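
Added example, not part of either message above: the quoted program hard-codes the distance from buffer1 to the saved return address (12), and this sketch keeps the same buffers but only measures that distance on whatever compiler and architecture builds it, which is the environment dependence mentioned in the reply. It assumes GCC or Clang (`__builtin_frame_address`, `__builtin_return_address`) and that the return address is stored within 16 words at or above the frame address; `struct layout` and its fields are names made up for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type for this example. */
struct layout {
    unsigned long word_size; /* sizeof(void *) in this build */
    int found;               /* 1 if the return-address slot was located */
    long distance;           /* signed bytes from buffer1 to that slot */
};

/* Same parameters and buffers as the quoted function(), but read-only:
 * it locates the stack slot holding the return address and reports how
 * far it is from buffer1 instead of assuming 12. */
__attribute__((noinline))
struct layout function(int a, int b, int c)
{
    volatile char buffer1[5];
    volatile char buffer2[10];
    struct layout l = { sizeof(void *), 0, 0 };
    void *ret_addr = __builtin_return_address(0);
    void *volatile *fp = (void *volatile *)__builtin_frame_address(0);
    int i;

    buffer1[0] = (char)a;            /* keep both buffers live */
    buffer2[0] = (char)(b + c);

    /* Assumption: the slot is within 16 words at or above the frame address. */
    for (i = 0; i < 16; i++) {
        if (fp[i] == ret_addr) {
            l.found = 1;
            l.distance = (long)((intptr_t)&fp[i] - (intptr_t)buffer1);
            break;
        }
    }
    return l;
}

int main(void)
{
    struct layout l = function(1, 2, 3);

    printf("word size: %lu bytes\n", l.word_size);
    if (l.found)
        printf("buffer1 -> return address slot: %ld bytes (example assumed 12)\n", l.distance);
    else
        printf("return address slot not found in scanned range\n");
    return 0;
}
```

Building it with different compilers, optimisation levels or `-m32` and comparing the printed distance shows how much the layout moves between environments.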
