Re: Re: Buffer Overflow Help

From: Matt Woodyard (woodyard@sdgky.com)
Date: Wed Aug 14 2002 - 22:27:02 EDT


Is this not related to wide-character unices? I seem to recall that when
I ran through this tutorial having a unicode enabled glibc messed with
it pretty bad.

On Mon, 2002-08-12 at 13:55, Ali Saifullah Khan wrote:
> Yes, you're right Chris.
> The distance calculated also depends on the gcc version used to
> produce the assembly code viewed to calculate the distance on the
> stack moved.
>
> Versions of gcc later than ...91 seem to be showing different
> activity.....like skipping 8 bytes instead of 4 for the same
> purpose if I may recall.
>
> Please do check up on that last statement....I may be wrong about
> the # of bytes skipped.
>
> Thank you.
>
> On Wed, 31 Jul 2002 Chris Hall wrote :
> > There was a thread on the vuln-dev list about this very same
> >issue. I believe the distance calculated depends
> >on the environment, (ie: 8,16,32,64 bit systems)
> >
> >
> >http://online.securityfocus.com/archive/82/266675/2002-03-30/2002-04-05/1
> >
> >
> >-- Chris
> >
> >Leonard Leblanc wrote:
> >
> >>Hello All,
> >>
> >>I am trying to experience buffer overflows first hand. I have
> >>glanced at a number of articles and have decided to focus on
> >>"Smashing the Stack for Fun and Profit" from Phrack Issue 49.
> >>I am trying out the examples from the text and when I get to
> >>example 3 (which is the first real overflow example) it doesn't
> >>quite work and I'm having a little trouble figuring it out.
> >>
> >>The following example should bypass the "x=1" statement and
> >>print the original value of "x" which is 0 (zero). Here's the code.
> >>
> >>-=-=-=-=-=-=-=-=-=-=-=-=-=
> >>#include <stdio.h>
> >>
> >>void function(int a, int b, int c) {
> >> char buffer1[5];
> >> char buffer2[10];
> >> int *ret;
> >>
> >> /* Phrack assumes the saved return address sits 12 bytes above
> >>    buffer1; this distance is a property of the compiler and ABI */
> >> ret = buffer1 + 12;
> >> /* advance the return address past the "x=1" store in main() */
> >> (*ret) += 8;
> >>}
> >>
> >>int main(void) {
> >> int x;
> >>
> >> x=0;
> >> function(1,2,3);
> >> x=1;
> >> printf("%d\n",x);
> >> return 0;
> >>}
> >>-=-=-=-=-=-=-=-=-=-=-=-=
> >>
> >>When I compile and execute this code it displays one and exits.
> >>I have tried this on RedHat 7.3 and Debian 2.2r6, both giving me
> >>the same result. Does anyone have any insight into why this
> >>wouldn't work? After looking into the assembly behind it, I think
> >>it has something to do with the "word size", but can't seem to
> >>find any information as to what the "word size" is in Debian or
> >>RedHat.
> >>
> >>Any and all comments/suggestions are more than welcome. Also if
> >>anyone knows of some other good text files/documents that talk
> >>about buffer overflows I would be happy to receive links.
> >>
> >>Leonard Leblanc
> >>
> >----------------------------------------------------------------------------
> >This list is provided by the SecurityFocus Security Intelligence
> >Alert (SIA)
> >Service. For more information on SecurityFocus' SIA service
> >which
> >automatically alerts you to the latest security vulnerabilities
> >please see:
> >https://alerts.securityfocus.com/
> >
>
>
> Ali Saifullah Khan,
> Project Administrator,
> ConnPROBE Intrusion Detection System.

-- 
Matt Woodyard (0x8659BAA7)
CISSP
SDG - Security Analyst
My other computer is in Russia.
8592637344x133
33
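As an added example (not code from this thread or from Phrack 49): rather than hardcoding `buffer1 + 12`, this diagnostic measures at runtime where the saved return address actually sits relative to `buffer1`, which is the quantity the replies above say changes with gcc version, word size and alignment rules. It assumes GCC or Clang (`__builtin_return_address`, `__attribute__((noinline))`) on a little-endian machine that saves the return address on the stack; `SCAN_WINDOW` and `MASK` are constructed constants. It only reads the stack and overwrites nothing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCAN_WINDOW 128                        /* bytes scanned either side of buffer1 */
#define MASK ((uintptr_t)0x5A5A5A5A5A5A5A5AULL) /* hides the reference value from the scan */

/* Separate call keeps the buffers alive and makes the caller a non-leaf
 * function, so the return address is actually saved on the stack. */
__attribute__((noinline)) static void fill(char *p, size_t n, char c)
{
    memset(p, c, n);
}

/* Returns the signed byte distance from buffer1 to the word holding this
 * function's saved return address, or 0 if it is not within the window. */
__attribute__((noinline)) long find_ret_distance(void)
{
    char buffer1[5];
    char buffer2[10];
    /* Store the expected value XOR-masked: a spilled copy of this local
     * can then never be mistaken for the real saved return address. */
    uintptr_t want = (uintptr_t)__builtin_return_address(0) ^ MASK;
    volatile const unsigned char *base = (volatile const unsigned char *)buffer1;
    long off;

    fill(buffer1, sizeof buffer1, 'A');
    fill(buffer2, sizeof buffer2, 'B');

    for (off = -SCAN_WINDOW; off <= SCAN_WINDOW; off++) {
        uintptr_t word = 0;
        size_t j;
        for (j = 0; j < sizeof word; j++)              /* little-endian word read */
            word |= (uintptr_t)base[off + (long)j] << (8 * j);
        if ((word ^ MASK) == want)
            return off;
    }
    return 0;
}

int main(void)
{
    long d = find_ret_distance();
    if (d == 0)
        printf("saved return address not found within %d bytes of buffer1\n", SCAN_WINDOW);
    else
        printf("buffer1 %+ld holds the saved return address (Phrack's gcc needed +12)\n", d);
    return 0;
}
```

The scan deliberately reads outside `buffer1` (undefined in ISO C, but that is what the diagnostic needs), so build it without AddressSanitizer; compare the printed distance between `-O0` and `-O2` builds, or between compilers, to see the drift the thread describes.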


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:24 EDT